QUESTION 291 Hotspot Question Your network contains two Web servers named Server1 and Server2. Both servers run Windows Server 2012 R2. Server1 and 5erver2 are nodes in a Network Load Balancing (NLB) cluster. The NLB cluster contains an application named App1 that is accessed by using the URL http://app1.contoso.com. You deploy a new server named Server3 that runs Windows Server 2012 R2. The contoso.com DNS zone contains the records shown in the following table. You need to add Server3 to the NLB cluster. What command should you run? To answer, select the appropriate options in the answer area. Answer:

QUESTION 292 Drag and Drop Question Your network contains an Active Directory domain named contoso.com. The domain contains four member servers named Server1, Server2, Server3, and Server4. All servers run Windows Server 2012 R2. Server1 and Server3 are located in a site named Site1. Server2 and Server4 are located in a site named Site2. The servers are configured as nodes in a failover cluster named Cluster1. Dynamic quorum management is disabled. Cluster1 is configured to use the Node Majority quorum configuration. You need to ensure that users in Site2 can access Cluster1 if the network connection between the two sites becomes unavailable. What should you run from Windows PowerShell? To answer, drag the appropriate commands to the correct location. Each command may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content. Answer:

QUESTION 293 Hotspot Question Your network contains an Active Directory domain named contoso.com. All domain controllers run Windows Server 2012 R2. The network has the physical sites and TCP/IP subnets configured as shown in the following table. You have a web application named App1 that is hosted on six separate Web servers. DNS has the host names and IP addresses registered as shown in the following table. You discover that when users connect to appl.contoso.com, they are connected frequently to a server that is not on their local subnet. You need to ensure that when the users connect to appl.contoso.com, they connect to a server on their local subnet. The connections must be distributed across the servers that host appl.contoso.com on their subnet. Which two settings should you configure? To answer, select the appropriate two settings in the answer area. Answer:

QUESTION 294 You have a server named Server1. You install the IP Address Management (IPAM) Server feature on Server1. You need to provide a user named User1 with the ability to set the access scope of all the DHCP servers that are managed by IPAM. The solution must use the principle of least privilege. Which user role should you assign to User1?

Answer: C Explanation: IPAM ASM Administrators IPAM ASM Administrators is a local security group on an IPAM server that is created when you install the IPAM feature. Members of this group have all the privileges of the IPAM Users security group, and can perform IP address space tasks in addition to IPAM common management tasks. Note: When you install IPAM Server, the following local role-based IPAM security groups are created: IPAM Users IPAM MSM Administrators IPAM ASM Administrators IPAM IP Audit Administrators IPAM Administrators Incorrect: not A: Too much privileges. IPAM Administrators IPAM Administrators is a local security group on an IPAM server that is created when you install the IPAM feature. Members of this group have privileges to view all IPAM data and perform all IPAM tasks.

QUESTION 295 Your network contains an Active Directory domain named contoso.com. The domain contains two member servers named Server1 and Server2. You install the DHCP Server server role on Server1 and Server2. You install the IP Address Management (IPAM) Server feature on Server1. You notice that you cannot discover Server1 or Server2 in IPAM. You need to ensure that you can use IPAM to discover the DHCP infrastructure. Which two actions should you perform? (Each correct answer presents part of the solution. Choose two.)

A. On Server2, create an IPv4 scope. B. On Server1, run the Add-IpamServerInventory cmdlet. C. On Server2, run the Add-DhcpServerInDc cmdlet D. On both Server1 and Server2, run the Add-DhcpServerv4Policy cmdlet. E. On Server1, uninstall the DHCP Server server role.

Answer: BC Explanation: The Add-IpamServerInventory cmdlet adds a new infrastructure server to the IP Address Management (IPAM) server inventory. Use the fully qualified domain name (FQDN) of the server to add to the server inventory. The Add-DhcpServerInDC cmdlet adds the computer running the DHCP server service to the list of authorized Dynamic Host Configuration Protocol (DHCP) server services in the Active Directory (AD). A DHCP server service running on a domain joined computer needs to be authorized in AD so that it can start leasing IP addresses on the network.

QUESTION 296 Your network contains two Active Directory forests named contoso.com and corp.contoso.com. User1 is a member of the DnsAdmins domain local group in contoso.com. User1 attempts to create a conditional forwarder to corp.contoso.com but receive an error message shown in the exhibit. (Click the Exhibit button.) You need to configure bi-directional name resolution between the two forests. What should you do first?

A. Add User1 to the DnsUpdateProxy group. B. Configure the zone to be Active Directory-integrated. C. Enable the Advanced view from DNS Manager. D. Run the New Delegation Wizard.

Answer: A

QUESTION 297 Your network contains two Active Directory forests named contoso.com and adatum.com. Each forest contains one domain. Contoso.com has a two-way forest trust to adatum.com. Selective authentication is enabled on the forest trust. Contoso contains 10 servers that have the File Server role service installed. Users successfully access shared folders on the file servers by using permissions granted to the Authenticated Users group. You migrate the file servers to adatum.com. Contoso users report that after the migration, they are unable to access shared folders on the file servers. You need to ensure that the Contoso users can access the shared folders on the file servers. What should you do?

QUESTION 298 You have a server named FS1 that runs Windows Server 2012 R2. You install the File and Storage Services server role on FS1. From Windows Explorer, you view the properties of a shared folder named Share1 and you discover that the Classification tab is missing. You need to ensure that you can assign classifications to Share1 from Windows Explorer manually. What should you do?

QUESTION 299 Your network contains two servers named Server1 and Server2 that run Windows Server 2012 R2. Server1 and Server2 are configured as shown in the following table. You need to ensure that when new targets are added to Server1, the targets are registered on Server2 automatically. What should you do on Server1?

A. Configure the Discovery settings of the iSCSI initiator. B. Configure the security settings of the iSCSI target. C. Run the Set-Wmilnstance cmdlet. D. Run the Set-IscsiServerTarget cmdlet.

Answer: C

QUESTION 300 Hotspot Question You have a file server named Server1 that runs Windows Server 2012 R2. Server1 contains a file share that must be accessed by only a limited number of users. You need to ensure that if an unauthorized user attempts to access the file share, a custom access-denied message appears, which contains a link to request access to the share. The message must not appear when the unauthorized user attempts to access other shares. Which two nodes should you configure in File Server Resource Manager? To answer, select the appropriate two nodes in the answer area. Answer:

QUESTION 281 Your network contains an Active Directory forest named contoso.com. Users frequently access the website of an external partner company. The URL of the website is http://partners.adatum.com. The partner company informs you that it will perform maintenance on its Web server and that the IP addresses of the Web server will change. After the change is complete, the users on your internal network report that they fail to access the website. However, some users who work from home report that they can access the website. You need to ensure that your DNS servers can resolve partners.adatum.com to the correct IP address immediately. What should you do?

A. Run dnscmd and specify the CacheLockingPercent parameter. B. Run Set-DnsServerGlobalQueryBlockList. C. Run ipconfig and specify the Renew parameter. D. Run Set-DnsServerCache.

Answer: A Explanation: * To configure cache locking using a command line Open an elevated command prompt. Type the following command, and then press ENTER: dnscmd /Config /CacheLockingPercent <percent> Restart the DNS Server service. * Parameter <percent> Optional.Specifies the cache locking percent, from 0 to 100 in decimal format. If no value is entered, the cache locking percent is set to 0.

QUESTION 282 You have a server named Server1. You install the IP Address Management (IPAM) Server feature on Server1. You need to provide a user named User1 with the ability to set the access scope of all the DHCP servers that are managed by IPAM. The solution must use the principle of least privilege. Which user role should you assign to User1?

QUESTION 283 You have a virtual machine named VM1 that runs on a host named Host1. You configure VM1 to replicate to another host named Host2. Host2 is located in the same physical location as Host1. You need to add an additional replica of VM1. The replica will be located in a different physical site. What should you do?

QUESTION 284 Hotspot Question You have a file server named Server1 that runs Windows Server 2012 R2. You need to ensure that you can use the NFS Share – Advanced option from the New Share Wizard in Server Manager. Which two role services should you install? To answer, select the appropriate two role services in the answer area. Answer:

QUESTION 285 Your network contains 20 iSCSI storage appliances that will provide storage for 50 Hyper-V hosts running Windows Server 2012 R2. You need to configure the storage for the Hyper-V hosts. The solution must minimize administrative effort. What should you do first?

A. Install the iSCSI Target Server role service and configure iSCSI targets. B. Install the iSNS Server service feature and create a Discovery Domain. C. Start the Microsoft iSCSI Initiator Service and configure the iSCSI Initiator Properties. D. Install the Multipath I/O (MPIO) feature and configure the MPIO Properties.

Answer: C

QUESTION 286 Drag and Drop Question You have a server that runs Windows Server 2012 R2. You create a new work folder named Share1. You need to configure Share1 to meet the following requirements: Ensure that all synchronized copies of Share1 are encrypted. Ensure that clients synchronize to Share1 every 30 minutes. Ensure that Share1 inherits the NTFS permissions of the parent folder. Which cmdlet should you use to achieve each requirement? To answer, drag the appropriate cmdlets to the correct requirements. Each cmdlet may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content. Answer:

QUESTION 287 You create a new virtual disk in a storage pool by using the New Virtual Disk Wizard. You discover that the new virtual disk has a write-back cache of 1 GB. You need to ensure that the virtual disk has a write-back cache of 5 GB. What should you do?

A. Detach the virtual disk, and then run the Resize-VirtualDisk cmdlet. B. Detach the virtual disk, and then run the Set-VirtualDisk cmdlet. C. Delete the virtual disk, and then run the New-StorageSubSystemVirtualDisk cmdlet. D. Delete the virtual disk, and then run the New-VirtualDisk cmdlet.

Answer: D

QUESTION 288 Drag and Drop Question Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1 that runs Windows Server 2012 R2. You plan to install the Active Directory Federation Services server role on Server1 to allow for Workplace Join. You run nslookup enterprise registration and you receive the following results: You need to create a certificate request for Server1 to support the Active Directory Federation Services (AD FS) installation. How should you configure the certificate request? To answer, drag the appropriate names to the correct locations. Each name may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content. Answer:

QUESTION 289 Your network contains an Active Directory domain named contoso.com. The domain contains servers named Server1 and Server2 that run Windows Server 2012 R2. Server1 has the Active Directory Federation Services server role installed. Server2 is a file server. Your company introduces a Bring Your Own Device (BYOD) policy. You need to ensure that users can use a personal device to access domain resources by using Single Sign-On (SSO) while they are connected to the internal network. Which two actions should you perform? (Each correct answer presents part of the solution. Choose two.)

A. Enable the Device Registration Service in Active Directory. B. Publish the Device Registration Service by using a Web Application Proxy. C. Configure Active Directory Federation Services (AD FS) for the Device Registration Service. D. Create and configure a sync share on Server2. E. Install the Work Folders role service on Server2.

Answer: AC

QUESTION 290 Drag and Drop Question You have two failover clusters named Cluster1 and Cluster2. All of the nodes in both of the clusters run Windows Server 2012 R2. Cluster1 hosts two virtual machines named VM1 and VM2. You plan to configure VM1 and VM2 as nodes in a new failover cluster named Cluster3. You need to configure the witness disk for Cluster3 to be hosted on Cluster2. Which three actions should you perform in sequence? To answer, move the appropriate three actions from the list of actions to the answer area and arrange them in the correct order. Answer:

QUESTION 271 Your network contains an Active Directory domain named adatum.com. You create a new Group Policy object (GPO) named GPO1. You need to verify that GPO1 was replicated to all of the domain controllers. Which tool should you use?

QUESTION 272 Your network contains two Web servers named Server1 and Server2. Both servers run Windows Server 2012 R2. Server1 and Server2 are nodes in a Network Load Balancing (NLB) cluster. The NLB cluster contains an application named App1 that is accessed by using the URL http://app1.contoso.com. You plan to perform maintenance on Server1. You need to ensure that all new connections to App1 are directed to Server2. The solution must not disconnect the existing connections to Server1. What should you run?

Answer: D Explanation: The Stop-NlbClusterNode cmdlet stops a node in an NLB cluster. When you use the stop the nodes in the cluster, client connections that are already in progress are interrupted. To avoid interrupting active connections, consider using the -drain parameter, which allows the node to continue servicing active connections but disables all new traffic to that node. -Drain <SwitchParameter> Drains existing traffic before stopping the cluster node. If this parameter is omitted, existing traffic will be dropped.

QUESTION 273 Hotspot Question Your network contains an Active Directory domain named contoso.com. You have a failover cluster named Cluster1 that contains two nodes named Server1 and Server2. Both servers run Windows Server 2012 R2 and have the Hyper-V server role installed. You plan to create two virtual machines that will run an application named App1. App1 will store data on a virtual hard drive named App1data.vhdx. App1data.vhdx will be shared by both virtual machines. The network contains the following shared folders: – An SMB file share named Share1 that is hosted on a Scale-Out File Server. – An SMB file share named Share2 that is hosted on a standalone file server. – An NFS share named Share3 that is hosted on a standalone file server. You need to ensure that both virtual machines can use App1data.vhdx simultaneously. What should you do? To answer, select the appropriate configurations in the answer area. Answer:

QUESTION 274 Your network contains an Active directory forest named contoso.com. The forest contains two child domains named east.contoso.com and west.contoso.com. You install an Active Directory Rights Management Services (AD RMS) cluster in each child domain. You discover that all of the users in the contoso.com forest are directed to the AD RMS cluster in east.contoso.com. You need to ensure that the users in west.contoso.com are directed to the AD RMS cluster in west.contoso.com and that the users in east.contoso.com are directed to the AD RMS cluster in east.contoso.com. What should you do?

A. Modify the Service Connection Point (SCP). B. Configure the Group Policy object (GPO) settings of the users in the west.contoso.com domain. C. Configure the Group Policy object (GPO) settings of the users in the east.contoso.com domain. D. Modify the properties of the AD RMS cluster in west.contoso.com.

Answer: C

QUESTION 275 You have a server named Server1 that runs Windows Server 2012 R2. From Server Manager, you install the Active Directory Certificate Services server role on Server1. A domain administrator named Admin1 logs on to Server1. When Admin1 runs the Certification Authority console, Admin1 receive the following error message. You need to ensure that when Admin1 opens the Certification Authority console on Server1, the error message does not appear. What should you do?

QUESTION 276 Your network contains an Active Directory domain named contoso.com. The domain contains a member server named Server1 that has the Active Directory Federation Services server role installed. All servers run Windows Server 2012.d You complete the Active Directory Federation Services Configuration Wizard on Server1. You need to ensure that client devices on the internal network can use Workplace Join. Which two actions should you perform on Server1? (Each correct answer presents part of the solution. Choose two.)

Answer: CE Explanation: * To enable Device Registration Service On your federation server, open a Windows PowerShell command window and type: Enable-AdfsDeviceRegistration Repeat this step on each federation farm node in your AD FS farm.. Enable seamless second factor authentication Seamless second factor authentication is an enhancement in AD FS that provides an added level of access protection to corporate resources and applications from external devices that are trying to access them. When a personal device is Workplace Joined, it becomes a `known’ device and administrators can use this information to drive conditional access and gate access to resources. To enable seamless second factor authentication, persistent single sign-on (SSO) and conditional access for Workplace Joined devices In the AD FS Management console, navigate to Authentication Policies. Select Edit Global Primary Authentication. Select the check box next to Enable Device Authentication, and then click OK.

QUESTION 277 Drag and Drop Question Your network contains an Active Directory domain named contoso.com. You need to ensure that third-party devices can use Workplace Join to access domain resources on the Internet. Which four actions should you perform in sequence? To answer, move the appropriate four actions from the list of actions to the answer area and arrange them in the correct order. Answer:

QUESTION 278 Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1 that runs Windows Server 2012 R2 and has the DHCP Server server role installed. You need to create an IPv6 scope on Server1. The scope must use an address space that is reserved for private networks. The addresses must be routable. Which IPV6 scope prefix should you use?

QUESTION 279 Hotspot Question Your network contains an Active Directory domain named contoso.com. The domain contains two servers named Server1 and Server2. All servers run Windows Server 2012 R2. You install the DHCP Server server role on both servers. On Server1, you have the DHCP scope configured as shown in the exhibit. (Click the Exhibit button.) You need to configure the scope to be load-balanced across Server1 and Server2. What Windows PowerShell cmdlet should you run on Server1? To answer, select the appropriate options in the answer area. Answer:

QUESTION 280 Hotspot Question Your network contains an Active Directory domain named contoso.com. The domain contains two DHCP servers named Server1 and Server2. Both servers have multiple IPv4 scopes. Server1 and Server2 are used to assign IP addresses for the network IDs of 172.20.0.0/16 and 131.107.0.0/16. You install the IP Address Management (IPAM) Server feature on a server named IPAM1 and configure IPAM1 to manage Server1 and Server2. Some users from the 172.20.0.0 network report that they occasionally receive an IP address conflict error message. You need to identify whether any scopes in the 172.20.0.0 network ID conflict with one another. What Windows PowerShell cmdlet should you run? To answer, select the appropriate options in the answer area. Answer:

QUESTION 261 Your network contains a Hyper-V host named Server1 that hosts 20 virtual machines. You need to view the amount of memory resources and processor resources each virtual machine uses currently. Which tool should you use on Server1?

QUESTION 263 Your network contains an Active Directory domain named contoso.com. All servers run Windows Server 2012 R2. The domain contains a server named Server1. You open Review Options in the Active Directory Domain Services Configuration Wizard, and then you click View script. You need to ensure that you can use the script to promote Server1 to a domain controller. Which file extension should you use to save the script?

A. .xml B. .ps1 C. .bat D. .cmd

Answer: B Explanation: The View Script button is used to view the corresponding PowerShell script The PowerShell script extension is .ps1, The Answer could logically be either a .cmd file or a .bat file. According to http://www.fileinfo.com/:PAL – Settings file created by Corel Painter or Palette of colors used by Dr. Halo bitmap images BAT – DOS batch file used to execute commands with the Windows Command Prompt (cmd.exe); contains aseries of line commands that typically might be entered at the DOS command prompt; most commonly used tostart programs and run maintenance utilities within Windows. XML – XML (Extensible Markup Language) data file that uses tags to define objects and object attributes;formatted much like an .HTML document, but uses custom tags to define objects and the data within eachobject; can be thought of as a text-based database. CMD – Batch file that contains a series of commands executed in order; introduced with Windows NT, but canbe run by DOS or Windows NT systems; similar to a .BAT file, but is run by CMD.EXE instead of COMMAND.COM.

QUESTION 264 Your network contains an Active Directory domain named adatum.com. You have a standard primary zone named adatum.com. You need to provide a user named User1 the ability to modify records in the zone. Other users must be prevented from modifying records in the zone. What should you do first?

A. Run the Zone Signing Wizard for the zone. B. From the properties of the zone, change the zone type. C. Run the new Delegation Wizard for the zone. D. From the properties of the zone, modify the Start Of Authority (SOA) record.

Answer: C

QUESTION 265 Your network contains an Active Directory domain named contoso.com. All domain controllers run Windows Server 2012. One of the domain controllers is named DC1. The DNS zone for the contoso.com zone is Active Directory-integrated and has the default settings. A server named Server1 is a DNS server that runs a UNIX-based operating system. You plan to use Server1 as a secondary DNS server for the contoso.com zone. You need to ensure that Server1 can host a secondary copy of the contoso.com zone. What should you do?

A. From Windows PowerShell, run the Set-DnsServerForwarder cmdlet and specify the contoso.com zone as a target. B. From Windows PowerShell, run the Set-DnsServerSetting cmdlet and specify DC1 as a target. C. From Windows PowerShell, run the Set-DnsServerPrimaryZone cmdlet and specify the contoso.com zone as a target. D. From DNS Manager, modify the Advanced settings of DC1.

QUESTION 266 Your network contains an Active Directory domain named contoso.com. The domain contains a member server named Server1. Server1 runs Windows Server 2012 R2 and has the Hyper-V server role installed. Server1 hosts 10 virtual machines. A virtual machine named VM1 runs Windows Server 2012 R2 and hosts a processor-intensive Application named App1. Users report that App1 responds more slowly than expected. You need to monitor the processor usage on VM1 to identify whether changes must be made to the hardware settings of VM1. Which performance object should you monitor on Server1?

QUESTION 267 Your network contains an Active Directory domain named contoso.com. The domain contains a member server named Server1 that has the Active Directory Federation Services server role installed. All servers run Windows Server 2012 R2. You complete the Active Directory Federation Services Configuration Wizard on Server1. You need to ensure that client devices on the internal network can use Workplace Join. Which two actions should you perform on Server1? (Each correct answer presents part of the solution. Choose two.)

QUESTION 268 Your network contains an Active Directory domain named contoso.com. All user accounts reside in an organizational unit (OU) named OU1. You create a Group Policy object (GPO) named GPO1. You link GPO1 to OU1. You configure the Group Policy preference of GPO1 to add a shortcut named Link1 to the desktop of each user. You discover that when a user deletes Link1, the shortcut is removed permanently from the desktop. You need to ensure that if a user deletes Link1, the shortcut is added to the desktop again. What should you do?

QUESTION 269 Your network contains an Active Directory forest named contoso.com. The forest contains two sites named Main and Branch. The Main site contains 400 desktop computers and the Branch site contains 150 desktop computers. All of the desktop computers run Windows 8. In Main, the network contains a member server named Server1 that runs Windows Server 2012. You install the Windows Server Update Services server role on Server1. You need to ensure that Windows updates obtained from Windows Server Update Services (WSUS) are the same for the computers in each site. You want to achieve this goal by using the minimum amount of administrative effort. What should you do?

Answer: C Explanation: Create one computer group for Main site and another group for Branch site. You can deploy Windows updates by computer group.

QUESTION 270 Hotspot Question Your network contains three Active Directory forests. The forests are configured as shown in the following table. A two-way forest trust exists between contoso.com and divisionl.contoso.com. A two-way forest trust also exists between contoso.com and division2.contoso.com. You plan to create a one-way forest trust from divisionl.contoso.com to division2.contoso.com. You need to ensure that any cross-forest authentication requests are sent to the domain controllers in the appropriate forest after the trust is created. How should you configure the existing forest trust settings? In the table below, identify which configuration must be performed in each forest. Make only one selection in each column. Each correct selection is worth one point. Answer:

QUESTION 251 Your network contains an Active Directory domain named contoso.com. The domain contains a domain controller named DC1 that runs Windows Server 2012 R2. You create an Active Directory snapshot of DC1 each day. You need to view the contents of an Active Directory snapshot from two days ago. What should you do first?

QUESTION 252 You have a server named Server1 that runs Windows Server 2012 R2. You need to configure Server1 to create an entry in an event log when the processor usage exceeds 60 percent. Which type of data collector should you create?

QUESTION 253 Your network contains two servers named Server1 and Server2. Both servers run Windows Server 2012 R2, On Server1, you create a Data Collector Set (DCS) named Data1. You need to export Data1 to Server2. What should you do first?

QUESTION 254 Your network contains an Active Directory domain named contoso.com. All domain controllers run Windows Server 2012 R2. An organizational unit (OU) named OU1 contains 200 client computers that run Windows 8 Enterprise. A Group Policy object (GPO) named GPO1 is linked to OU1. You make a change to GPO1. You need to force all of the computers in OU1 to refresh their Group Policy settings immediately. The solution must minimize administrative effort. Which tool should you use?

Answer: D Explanation: In the previous versions of Windows, this was accomplished by having the user run GPUpdate.exe on their computer. Starting with Windows Server?2012 and Windows?8, you can now remotely refresh Group Policy settings for all computers in an OU from one central location through the Group Policy Management Console (GPMC). Or you can use the Invoke-GPUpdate cmdlet to refresh Group Policy for a set of computers, not limited to the OU structure, for example, if the computers are located in the default computers container. Note: Group Policy Management Console (GPMC) is a scriptable Microsoft Management Console (MMC) snap-in, providing a single administrative tool for managing Group Policy across the enterprise. GPMC is the standard tool for managing Group Policy. Incorrect: Not B: Secedit configures and analyzes system security by comparing your current configuration to at least one template. Reference: Force a Remote Group Policy Refresh (GPUpdate)

QUESTION 255 Your network contains an Active Directory domain named contoso.com. Network Access Protection (NAP) is deployed to the domain. You need to create NAP event trace log files on a client computer. What should you run?

A. Logman B. Tracert C. Register-EngineEvent D. Register-ObjectEvent

Answer: A

QUESTION 256 Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1. Server1 runs Windows Server 2012 R2. You create a group Managed Service Account named gService1. You need to configure a service named Service1 to run as the gService1 account. How should you configure Service1?

A. From a command prompt, run sc.exe and specify the sdset parameter. B. From the Services console, configure the General settings. C. From Windows PowerShell, run Set-Service and specify the -StartupType parameter. D. From the Services console, configure the Log On settings.

QUESTION 257 You have a server named Server1 that runs Windows Server 2012 R2. Server1 has 2 dual-core processors and 16 GB of RAM. You install the Hyper-V server role in Server1. You plan to create two virtual machines on Server1. You need to ensure that both virtual machines can use up to 8 GB of memory. The solution must ensure that both virtual machines can be started simultaneously. What should you configure on each virtual machine?

Answer: A Explanation: The DISM command is called by the Add-WindowsFeature command. Here is the systax for DISM: Dism /online /enable-feature /featurename:ServerCore-FullServer /featurename:ServerGui-Shell /featurename:Server-Gui-Mgmt

QUESTION 259 Your network contains an Active Directory domain named contoso.com. All domain controllers run Windows Server 2012 R2. The domain contains two organizational units (OUs) named OU1 and OU2 in the root of the domain. Two Group Policy objects (GPOs) named GPO1 and GPO2 are created. GPO1 is linked to OU1. GPO2 is linked to OU2. OU1 contains a client computer named Computer1. OU2 contains a user named User1. You need to ensure that the GPOs Applied to Computer1areApplied to User1 when User1 logs on. What should you configure?

QUESTION 260 Your network contains an Active Directory domain named contoso.com. The domain contains client computers that run either Windows XP, Windows 7, or Windows 8. Network Policy Server (NPS) is deployed to the domain. You plan to create a system health validator (SHV). You need to identify which policy settings can be Applied to all of the computers. Which three policy settings should you identify? (Each correct answer presents part of the solution. Choose three.)

A. A firewall is enabled for all network connections. B. An antispyware application is on. C. Automatic updating is enabled. D. Antivirus is up to date. E. Antispyware is up to date.

Answer: ACD Explanation: * System health agent (SHA) is a NAP component. * System health agent (SHA) A component that checks the state of the client computer to determine whether the settings monitored by the SHA are up-to-date and configured correctly. For example, the Windows Security Health Agent (WSHA) can monitor Windows Firewall, whether antivirus software is installed, enabled, and updated, whether antispyware software is installed, enabled, and updated, and whether Microsoft Update Services is enabled and the computer has the most recent security updates from Microsoft Update Services. There might also be SHAs (and corresponding system health validators) available from other companies that provide different functionality.

QUESTION 3 Which statement about the feasibility condition in EIGRP is true?

A. The prefix is reachable via an EIGRP peer that is in the routing domain of the router. B. The EIGRP peer that advertises the prefix to the router has multiple paths to the destination. C. The EIGRP peer that advertises the prefix to the router is closer to the destination than the router. D. The EIGRP peer that advertises the prefix cannot be used as a next hop to reach the destination.

Answer: C

QUESTION 4 Which two statements about the function of the stub feature in EIGRP are true? (Choose two.)

A. It stops the stub router from sending queries to peers. B. It stops the hub router from sending queries to the stub router. C. It stops the stub router from propagating dynamically learned EIGRP prefixes to the hub routers . D. It stops the hub router from propagating dynamically learned EIGRP prefixes to the stub routers .

Answer: BC

QUESTION 5 In which type of EIGRP configuration is EIGRP IPv6 VRF-Lite available?

A. stub B. named mode C. classic mode D. passive

Answer: B

QUESTION 6 Two routers are trying to establish an OSPFv3 adjacency over an Ethernet link, but the adjacency is not forming. Which two options are possible reasons that prevent OSPFv3 to form between these two routers? (Choose two.)

QUESTION 7 Like OSPFv2, OSPFv3 supports virtual links.Which two statements are true about the IPv6 address of a virtual neighbor? (Choose two.)

A. It is the link-local address, and it is discovered by examining the hello packets received from the virtual neighbor. B. It is the link-local address, and it is discovered by examining link LSA received by the virtual neighbor. C. It is the global scope address, and it is discovered by examining the router LSAs received by the virtual neighbor. D. Only prefixes with the LA-bit not set can be used as a virtual neighbor address. E. It is the global scope address, and it is discovered by examining the intra-area-prefix-LSAs received by the virtual neighbor. F. Only prefixes with the LA-bit set can be used as a virtual neighbor address.

Answer: EF

QUESTION 8 Which field is specific to the OPSFv3 packet header, as opposed to the OSPFv2 packet header?

QUESTION 51 You need to recommend a WSUS topology that meets the security requirements. What should you do?

A. In the London office, install a WSUS server in replica mode. In the New York office, install a WSUS server in replica mode. B. In the London office, install a WSUS server in replica mode. In the New York office, install a WSUS server in autonomous mode. C. In the London office, install a WSUS server in autonomous mode. In the New York office, install a WSUS server in replica mode D. In the London office, install a WSUS server in autonomous mode. In the New York office, install a WSUS server in autonomous mode.

Answer: B Explanation: A WSUS server running in replica mode inherits the update approvals and computer groups created on its parent WSUS administration server. You will typically have a single parent server with one or more downstream replica WSUS servers. You approve updates and create computer groups on the parent server, which the replica servers will then mirror.

QUESTION 52 You need to recommend an image type to start the client computers in the London office. The solution must meet the migration requirements. Which image type should you recommend?

A. capture B. boot C. install D. discover

Answer: D Explanation: – Ensure that the client computers in the London office that are not PXE-capable can download images from WDS. – Reformat the existing disks in the London office during the migration to Windows 8. A discover image is a type of boot image that you can use to install an operating system on a computer that is not capable of network booting using the Pre-Boot Execution Environment (PXE). You may want to use a discover image in the following scenarios: A client is not PXE-enabled. A client is on a different subnet and you do not have method of getting PXE to the client (for example, IP helper tables or Dynamic Host Control Protocol (DHCP)). You have many Windows Deployment Services servers and want to target a specific server.

Case Study 2: Contoso, Ltd (Question 53 – Question63) Overview Contoso, Ltd., is a pharmaceutical company. The company has an office in Seattle. Existing Environment The network contains a single-domain Active Directory forest named contoso.com. The relevant servers in the network are configured as shown in the following table. All client computers run Windows XP. All client computers are configured to receive automatic updates from SRV-WSUS. All users have desktop computers. Users in the sales department also have laptop computers. The laptop computers are used by the sales users to remotely access the internal network by using a VPN connection. The sales users use several line-of-business applications. Requirements Planned Changes The company plans to deploy a Microsoft System Center 2012 Configuration Manager infrastructure that will contain two servers. The servers will be configured as shown in the following table. The company plans to deploy a Remote Desktop Services (RDS) infrastructure that will contain the following servers: – Two Remote Desktop Connection Broker (RD Connection Broker) servers configured for high-availability – Two Remote Desktop Visualization Host (RD Virtualization Host) servers – Two Remote Desktop Web Access (RD Web Access) servers – Two Remote Desktop Gateway (RD Gateway) servers Technical Requirements The company identifies the following technical requirements: – Configuration Manager must be used to deploy operating systems and patches. – An existing virtual machine that runs Windows 8 must be used as the reference computer for the deployment of new client computers. – To troubleshoot installation issues, technicians must be able to open a Command Prompt window during the deployment of Windows 8 to the new client computers. Sales Department Requirements The company identifies the following requirements for the sales users: – All of the files on the laptop computers must be encrypted. – The amount of administrative effort must be minimized whenever possible. – Certificate warnings must not be displayed when connecting to virtual desktops. – The availability of the virtual desktops must not be affected by a single server failure. – The desktop computers of the sales users must be replaced by virtual desktops that run Windows 8. – The contents of each sales user’s Documents folder must be the same on the virtual desktop and the laptop computer. – The sales users must be able to connect to their virtual desktop from their laptop computer without using a VPN connection. – The sales users must be able to configure their user settings independently on their virtual desktop and their laptop computer. – The line-of-business applications must be installed on the virtual desktops only. The line-of-business applications require hardware acceleration to run.

QUESTION 53 You need to configure RDS to use certificates to meet the sales department requirements. What should you do?

A. On the RD Virtualization Host servers, install a certificate in the personal store of the local computer. B. On the RD Web Access servers, edit the properties of the RDWeb website. C. On the RD Connection Broker servers, edit the deployment properties. D. On the RD Connection Broker servers, edit the collection properties.

Answer: C Explanation: The company identifies the following requirements for the sales users: – All of the files on the laptop computers must be encrypted. – The amount of administrative effort must be minimized whenever possible. – Certificate warnings must not be displayed when connecting to virtual desktops. – The availability of the virtual desktops must not be affected by a single server failure. – The desktop computers of the sales users must be replaced by virtual desktops that run Windows 8. – The contents of each sales user’s Documents folder must be the same on the virtual desktop and the laptop computer. – The sales users must be able to connect to their virtual desktop from their laptop computer without using a VPN connection. – The sales users must be able to configure their user settings independently on their virtual desktop and their laptop computer. – The line-of-business applications must be installed on the virtual desktops only. The line- of-business applications require hardware acceleration to run. Once this certificate has been created it needs to be applied to the RD Gateway and RD Web Access servers. This is done in the RDS Deployment Properties

QUESTION 54 You need to recommend a change to the network to ensure that you can perform a bare metal deployment of Windows 8. The solution must meet the technical requirements. What should you recommend?

A. On SRV-DP, enable PXE support for clients from the Configuration Manager console. B. On SRV-DHCP, configure options 66 and 67. C. On SRV-DHCP, install the Windows Deployment Services server role and configure option 60. D. On SRV-DP, install the Windows Deployment Services server role and configure a PXE Response Policy from the Windows Deployment Services console.

Answer: A Explanation: Enabling PXE support on the Distribution Point will achieve the technical requirements. If you enable the Checkbox for PXE Support, this will automatically install WDS transport. The appropriate ports UDP 67,68,69 and 4011 will be opened in the firewall. Sorry for german screenshot.

QUESTION 55 You need to ensure that when the sales users connect to their virtual desktop by using RD Web Access, the users can select the Experience setting manually from the RD Web Access website. What should you include in the solution?

Answer: A Explanation: The company identifies the following technical requirements: – Configuration Manager must be used to deploy operating systems and patches. – An existing virtual machine that runs Windows 8 must be used as the reference computer for the deployment of new client computers. – To troubleshoot installation issues, technicians must be able to open a Command Prompt window during the deployment of Windows 8 to the new client computers. There is already a WSUS (SRV-WSUS) server present in our network. We can continue to use it by integrating it with SCCM or replace it by transferring metadata and updates to our future Software Update Point on the SCCM primary site server. In order to achieve this WSUS SDK / Wsus management console -connected to the wsus- is a prerequisite on the primary Site server. You need a SUP at every primary site – unlike other WSUS-based implementations, SCCM requires one at every site to function.

QUESTION 57 You need to recommend a configuration of the RD Gateway servers to allow the sales users to connect to their virtual desktop. The solution must meet the sales department requirements. What should you include in the recommendation?

Answer: C Explanation: An RD Gateway-managed group is a group of computers maintained by an RD Gateway, instead of Active Directory. Most of the time, specifying Active Directory computer groups in RD RAPs will make the most sense. If you have an RD Session Host farm, though, you’ll have to create an RD Gateway- managed group to control access to the farm via RD Gateway. Active Directory doesn’t have a way of identifying multiple RD Session Host servers by their farm name. Requirements: The availability of the virtual desktops must not be affected by a single server failure. See planned changes: 2 Virtualization host servers, 2 RD Web Access servers

QUESTION 58 You need to recommend a solution for protecting the files stored on the laptop computers of the sales users. The solution must meet the sales department requirements. What should you recommend?

Answer: B Explanation: – All of the files on the laptop computers must be encrypted. Active Directory SID-based protector. This protector can be added to both operating system and data volumes, although it does not unlock operating system volumes in the pre-boot environment. The protector requires the SID for the domain account or group to link with the protector. BitLocker can protect a clusteraware disk by adding a SID-based protector for the Cluster Name Object (CNO) that lets the disk properly failover to and be unlocked by any member computer of the cluster. The ADAccountOrGroup protector requires the use of an additional protector for use (such as TPM, PIN, or recovery key) when used on operating system volumes To add an ADAccountOrGroup protector to a volume requires either the actual domain SID or the group name preceded by the domain and a backslash. In the example below, the CONTOSO\Administrator account is added as a protector to the data volume G. Active Directory-based protectors are normally used to unlock Failover Cluster enabled volumes.

QUESTION 59 You need to ensure that the technicians can troubleshoot the operating system deployments. The solution must meet the technical requirements. Which properties should you modify?

Answer: B Explanation: – To troubleshoot installation issues, technicians must be able to open a Command Prompt window during the deployment of Windows 8 to the new client computers. Enable command line support (F8) on the boot image in SCCM.

QUESTION 60 You need to recommend a solution for managing the user state of the virtual desktops. The solution must meet the sales department requirements. What should you include in the recommendation?

Answer: C Explanation: The sales users must be able to configure their user settings independently on their virtual desktop and their laptop computer. The contents of each sales user’s Documents folder must be the same on the virtual desktop and the laptop computer. User profile disks: As the user logs on to different virtual machines within the pool or different hosts within the session collection, the User Profile Disk gets mounted, providing access to the complete profile. Folder Redirection: The contents of each sales user’s Documents folder must be the same on the virtual desktop and the laptop computer.

Case Study 1: Proseware Inc (Question 41 – Question 50) Overview Proseware, Inc. is an independent software vendor. The company has a main office and two branch offices. The main office is located in New York. The branch offices are located in London and Moscow. Existing Environment The New York office and the London office each contain the following servers that run Windows Server 2008 R2: – One Windows Deployment Services (WDS) server – One Remote Desktop Session Host (RD Session Host) server Each office contains client computers that run Windows XP. The London office and the New York office connect to each other by using a high-speed WAN link. The Moscow office and the New York office connect to each other by using a low- speed# high-latency WAN link. The network connection between the Moscow office and the New York office frequently fails. Requirements Planned Changes The company plans to implement the following changes: – Migrate all of the client computers to Windows 8. – Deploy new applications named App1, App2, and App3. – Deploy a Virtual Desktop Infrastructure (VDI) in the New York office. – Deploy a Windows Server Update Services (WSUS) infrastructure. Migration Requirements The company identifies the following migration requirements: – Migrate the client computers to Windows 8 by using the Microsoft Deployment Toolkit (MDT). – Replace the client computers in the New York office. Migrate the user settings during the migration to the new hardware. – Ensure that the client computers in the London office that are not PXE-capable can download images from WDS. – Reformat the existing disks in the London office during the migration to Windows 8. – Avoid using the WAN link between the Moscow and New York offices whenever possible. – Avoid deploying any servers to the Moscow office. Virtual Desktop Infrastructure (VDI) Requirements The company identifies the following VDI requirements: – Automatically provision new virtual desktops based on a virtual desktop template. The new virtual desktops will run Windows 8. – Automatically discard any user changes to the new virtual desktops when the users log off. – Deploy a 3D graphics application named App1 to all of the new virtual desktops. App1 will require DirectX 11 support. – Ensure that updates for App1 are applied to all of the new virtual desktops. Application Requirements The company identifies the following application requirements: – In the New York office, deploy an application named App2 to the client computers that run Windows 8. – Minimize the amount of resources used by App2 on the client computers. – In the London office, publish an application named App3 to the Work Resources (RADC) area of the Windows 8 Apps screen. Security Requirements The company identifies the following security requirements: – Ensure that updates for the New York, London, and Moscow offices can be approved only by the administrators in the New York office. – Ensure that the users in the New York office can use only classes of USB devices that are approved by the IT department. – Configure the replication of updates between the update servers in the New York and London offices.

QUESTION 41 You need to recommend a virtual desktop solution that meets the VDI requirements. What should you recommend?

Answer: C Explanation: Virtual Desktop Collection There are two types of virtual desktop collections available: personal and pooled. You have the option to let Remote Desktop Services automatically manage pooled virtual desktops in a collection, or you can manually manage them. We will concentrate on automatically managed pooled virtual desktop collections. A managed pooled virtual desktop collection offers the following capabilities: Automatically create pooled virtual desktops based on a virtual desktop template. Automatically install security updates and applications based on a virtual desktop template. Live migration with local caching. User profile disk support. A user profile disk stores user profile information in a separate virtual hard disk so that user profile settings are persistent across pooled virtual desktops. With either managed or unmanaged, the administrator can configure the pool to store the user profiles on User Profile disks separate from the machines. http://blogs.technet.com/b/canitpro/archive/2013/04/25/step-by-step-deploying-virtual- desktops-with-windowsserver-2012.aspx Virtual Machine-based desktop Deployment is of two types: Personal Virtual Desktop Collection ?Administrators manually assign virtual desktops to the users. Pooled Virtual Desktop Collection – Administrators deploy virtual desktops and users are randomly assigned virtual desktops. At log off virtual desktops are generally rolled back (rollback is optional). Creating a Pooled Virtual Desktop Collection There are two types of Pooled Virtual desktop Collections: Pooled Managed The Virtual desktop machine is created using the Sysprep Template of a virtual machine. We can recreate the virtual desktops from this image at will. Pooled Unmanaged We can add the existing virtual machine to this virtual desktop collection from Hyper V pool. With either option, the administrator can configure the pool to store the user profiles on User Profile disks separate from the machines. http://blogs.technet.com/b/askperf/archive/2012/10/31/windows-8-windows-server-2012- pooled-virtualdesktop-infrastructure.aspx http://technet.microsoft.com/en-us/library/ee216741.aspx

QUESTION 42 You need to configure a Deployment Workbench task sequence that meets the migration requirements of the London office. Which task group should you edit?

QUESTION 43 A hardware supplier provides you with four server builds. The server builds are configured as shown in the following table. You need to recommend which server build must be used to meet the VDI requirements. What should you include in the recommendation?

A. Build1 B. Build2 C. Build3 D. Build4

Answer: C

QUESTION 44 You need to recommend a solution for updating App1. The solution must meet the VDI requirements. What should you recommend?

A. Create a new virtual machine from the template file, apply the patch, and create a snapshot of the virtual machine. B. Create a new virtual machine from the template file, apply the patch, and run sysprep.exe. C. Mount the virtual machine template on a physical host and configure the template to be bootable. Apply the patch and run sysprep.exe. D. Mount the virtual machine template on a physical host and configure the template to be bootable. Apply the patch and run dism.exe.

Answer: B Explanation: Ensure that updates for App1 are applied to all of the new virtual desktops. Rolling Out Updates to a Pooled Virtual Desktop Collection A Master or Gold VM is formally referred to as “virtual desktop template” in the WS2012 Server Manager UI console and the cmdlets in Remote Desktop Services module for Windows PowerShell. It is an input to the managed virtual desktop collection creation process that allows an admin to manage a virtual desktop collection. The Master VM is created and managed by the admin and it specifies the hardware properties and software contents of all the automatically created VMs in that managed virtual desktop collection. For example, if the master VM is assigned 2GB of RAM, then each of the automatically created VMs in the managed virtual desktop collection will be assigned 2GB RAM. In this section, I will describe the various supported options and requirements for the Master VM. Virtual Hard Disk The Master VM can only have one virtual hard disk (VHD) attached to it; more than one VHD attached to the Master VM is not supported. The VHD attached to the Master VM must have either a Windows 7 SP1 or Windows 8 image in sysprep generalized state. A diff disk chain attached to the Master VM as its VHD is supported. Although the VHD can have more than one logical partition defined in it, it can have only one Windows OS image installed in it. http://blogs.msdn.com/b/rds/archive/2012/10/29/single-image-management-for-virtual- desktop-collections-inwindows-server-2012.aspx

QUESTION 45 You are planning the deployment of Remote Desktop Services (RDS) to support App3. The RDS servers will run Windows Server 2012. You need to recommend which RDS role services are required to ensure that App3 meets the application requirements. Which RDS role services should you recommend? (Each correct answer presents part of the solution. Choose all that apply.)

QUESTION 46 You need to prepare a virtual machine template that meets the VDI requirements. What should you do?

A. Run dism.exe and specify the /image parameter. B. Run dism.exe and specify the /export-image parameter. C. Run sysprep.exe and specify the /audit parameter. D. Run sysprep.exe and specify the /generalize parameter.

Answer: D Explanation:

QUESTION 47 You need to deploy Windows 8 to the client computers in the Moscow office. The solution must meet the migration requirements. What should you do first?

A. From the Windows Deployment Services console, add a boot image. B. From the Windows Deployment Services console, add an install image. C. From the Deployment Workbench, select New Media. D. From the Deployment Workbench, select New Linked Deployment Share

Answer: C Explanation: The assumption is we only want to use the WAN link when absolutely required. If we create a Linked Deployment Share, all selected data would be replicated to Moscow from New York. By managing the Task Sequence/Share locally in Moscow with no link to New York, you’re only downloading the media and software one time. Solution: Use MDT to create a bootable image for a DVD or external drive. Step 1: Create selection profiles. Step 2: Create your media. Step 3: Update your media. Step 4: Prepare your media. Step 5: Use your media on the client machine. Optional: Customize or automate your media.

QUESTION 48 You need to recommend an application deployment method for App2 that meets the application requirements. Which method should you recommend?

Answer: B Explanation: App-V maintains local resources on the client whereas RemoteApp utilizes resources on the backend RDS Server. The network data sent to the client is also different, App-V has two feature packs that contain all binaries of the streamed app. Remote Apps utilizes RDP, so only the picture information, mouse, keyboard etc are transmitted. Actually they can be combined, applications can be streamed to a RDS server and published to the client via RemoteApp. For more information, please see http://blogs.msdn.com/b/rds/archive/2009/10/14/whitepaperrelease-application- virtualization-4-5-for-terminal-services.aspx For more information about App-V, I suggest that you post to the App-V forum: http://social.technet.microsoft.com/Forums/en-US/category/appvirtualizationHope the information is helpful for your work.

QUESTION 49 You need to configure a Group Policy object (GPO) that meets the security requirements of the users in the New York office. Which Group Policy settings should you configure?

A. Allow installation of devices that match any of these device setup classes Prevent installation of devices not described by other policy settings B. All Removable Storage classes: Deny all access Prevent installation of devices not described by other policy settings C. Allow installation of devices that match any of these device setup classes Prevent installation of devices using drivers that match these device setup classes D. All Removable Storage classes: Deny all access Prevent installation of devices using drivers that match these device setup classes

Answer: A Explanation: You’d first allow installation of specific classes and then prevent all others. Prevent installation of devices not described by other policy settings. This policy setting controls the installation of devices that are not specifically described by any other policy setting. If you enable this policy setting, users cannot install or update the driver for devices unless they are described by either the Allow installation of devices that match these device IDs policy setting or the Allow installation of devices for these device classes policy setting. If you disable or do not configure this policy setting, users can install and update the driver for any device that is not described by the Prevent installation of devices that match these device IDs policy setting, the Prevent installation of devices for these device classes policy setting, or the Prevent installation of removable devices policy setting. http://msdn.microsoft.com/en-us/library/bb530324.aspx

QUESTION 50 You need to recommend a task sequence to migrate the client computers in the New York office to Windows 8. The solution must meet the migration requirements. Which command should you include in the recommendation?

A. Migpol B. Winrm C. Wbadmin D. Scanstate

Answer: D Explanation: Replace the client computers in the New York office. Migrate the user settings during the migration to the new hardware Passing Microsoft 70-415 Exam successfully in a short time! Just using Braindump2go’s Latest Microsoft 70-415 Dump:http://www.braindump2go.com/70-415.html

QUESTION 31 Your network contains an Active Directory domain named contoso.com. The domain contains two servers named Server1 and Server2 that run Windows Server 2008 R2. You install Microsoft System Center 2012 Configuration Manager on Server1. You need to ensure that you can perform bare metal installations of Windows 8 over the network. What should you do? (Each correct answer presents part of the solution. Choose all that apply.)

A. From Server Manager on Server2, install the Application Server server role. B. From the Configuration Manager console, add Server2 as a distribution point. C. From Server Manager on Server2, install the Windows Internal Database feature. D. From the Configuration Manager console, enable PXE support for clients. E. From Active Directory Users and Computers, configure the delegation settings of the Server2 computer account. F. From Active Directory Users and Computers, configure the delegation settings of the Server1 computer account.

Answer: BDF

QUESTION 32 Your network contains an Active Directory domain named contoso.com. The domain has Microsoft System Center 2012 Configuration Manager installed. You need to ensure that you can modify boot images by using the Configuration Manager console. What should you do?

Answer: C Explanation: SCCM 2012 SP1 RTM will install the Windows 7 AIK (PE 3.0 Boot images) automatically. This seems to be a bug. There is no auto created USMT package available. I could not import Win8 nor Win12 wim files. Windows 7 AIK should be uninstalled and replaced with the Windows 8 ADK (PE 4.0 Boot images). ADK is listed as a prerequisite for SCCM 2012 SP1 – apparently it won’t work properly without it (images, USMT package …) Whatsoever, ADK is not an answer option here and AIK is not supported. We could modify the boot image properties in console, but that is not an option too. I think the best answer choice would be MDT, it will allow us to modify / create a boot image. If you’ll get the answer option ADK – I think that would be right, as it is the prerequisite for the proper boot image architecture.

QUESTION 33 Your network contains 100 virtual desktops that are hosted on a Remote Desktop Services (RD5) collection. All RDS servers run Windows Server 2012. You need to recommend changes to the Remote Desktop environment to meet the following requirements: – Minimize the amount of bandwidth used by Remote Desktop sessions. – Minimize the amount of hardware resources used by the RDS servers. What should you recommend changing? More than one answer choice may achieve the goal. Select the BEST answer.

Answer: B Explanation: A group policy that limits screen resolution settings will save the most bandwidth / and memory. GPO (C) Configure RemoteFX lossless graphics data does not exist. GPO (D) Configuring the RDP compression will increase performance, but has a tradeoff – though there is a balanced setting, it will burn more memory, maybe even cpu cycles.

QUESTION 34 Your network contains two Remote Desktop Services (RDS) session collections named Collection 1 and Collection2. Each user has a laptop computer that runs Windows 8. The users frequently log on to sessions in Collection1 and Collection2. You need to recommend a user state virtualization solution to meet the following requirements: – Ensure that the user profiles remain the same when the users log on to their laptop computer and virtual desktop. – Minimize the time required to log on. What should you implement?

Answer: D Explanation: Roaming User Profiles redirects user profiles to a file share so that users receive the same operating system and application settings on multiple computers. When a user signs in to a computer by using an account that is set up with a file share as the profile path, the user’s profile is downloaded to the local computer and merged with the local profile (if present). When the user signs out of the computer, the local copy of their profile, including any changes, is merged with the server copy of the profile. Roaming User Profiles is typically enabled on domain accounts by a network administrator. Folder Redirection enables users and administrators to redirect the path of a known folder to a new location, manually or by using Group Policy. The new location can be a folder on the local computer or a directory on a file share. Users interact with files in the redirected folder as if it still existed on the local drive. For example, you can redirect the Documents folder, which is usually stored on a local drive, to a network location. The files in the folder are then available to the user from any computer on the network.

QUESTION 35 Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1 that runs Windows Server 2012. Server1 has the Active Directory Certificate Services server role installed and is configured as an enterprise root certification authority (CA). You plan to implement Encrypting File System (EFS) on all client computers. Users use different client computers. You need to prevent the users from receiving a different EFS certificate on each client computer. What should you implement? More than one answer choice may achieve the goal. Select the BEST answer.

Answer: A Explanation: You must enable Credential roaming so that whatever machine a user logs on to, their credentials follow them. This may use up extensive space in Active Directory. A certificate is enrolled to a computer where a user is logged on interactively. With credential roaming, the certificate and also the corresponding key pair are uploaded into the user’s object in Active Directory about 10 seconds after certificate enrollment. If the domain consists of multiple domain controllers, Active Directory replication will make the updated user object available to all other domain controllers within the domain. If the same user who was previously enrolled for a certificate logs on to a different computer or terminal server session, credential roaming will synchronize the user’s local certificate store with the certificates that are stored in Active Directory.

QUESTION 36 You plan to deploy a Virtual Desktop Infrastructure (VDI) that has RemoteFX USB redirection enabled. You need to identify which USB devices can be redirected to the Remote Desktop sessions. Which devices should you identify? (Each correct answer presents part of the solution. Choose all that apply.)

QUESTION 37 Your network contains an Active Directory domain named contoso.com. Domain controllers run either Windows Server 2008 R2 or Windows Server 2012. All client computers run Windows 8. Each user has a laptop computer. You enable Folder Redirection and you configure the Redirect folders on primary computers only Group Policy setting. You need to ensure that user folders are redirected only when the users log on to their personal laptop computer. What should you modify?

A. The msDS-PrimaryComputer attribute of each computer B. The msDS-PrimaryComputer attribute of each user C. The msTSPrimaryDesktop attribute of each user D. The msTSPrimaryDesktop attribute of each computer

QUESTION 38 Your network contains a Virtual Desktop Infrastructure (VDI). You plan to deploy an application named App1 to the virtual desktops. App1 requires a minimum display resolution of 1280 x 1024 You need to identify the maximum number of virtual displays that each virtual desktop can use when running Appl. How many virtual displays should you identify?

QUESTION 39 Hotspot Question Your network contains an Active Directory domain named contoso.com. A Group Policy object (GPO) named LaptopSecurity is linked to an organizational unit (OU) named Laptops. A corporate policy states that users who use a laptop computer are forbidden from using removable media. You configure LaptopSecurity to prevent the users from installing removable devices on their laptop. A user named User1 cannot install removable devices. However, User1 can read and execute applications from a removable device that the user used before you configured the GPO. You need to ensure that the users cannot access any removable devices, even if the driver for the removable media was installed already on their laptop. Which Removable Storage Access setting should you modify? To answer, select the appropriate setting in the answer area. Answer:

QUESTION 40 Hotspot Question Your network contains an Active Directory domain named contoso.com. You plan to implement Encrypting File System (EFS) to encrypt data on the client computer of each user. You need to prevent EFS from generating self-signed certificates. What should you use in Group Policy Management Editor? To answer, select the appropriate Group Policy setting in the answer area. Answer:

QUESTION 21 Your company has offices in New York and Sydney. The network contains an Active Directory domain named contoso.com. An organizational unit (OU) exists for each office. The New York office contains a Virtual Desktop Infrastructure (VDI). All of the users in the New York office access virtual desktops. You need to recommend a virtual desktop deployment strategy for the Sydney office users. The solution must meet the following requirements: – User settings must be retained between sessions. – All of the users must be assigned their own virtual desktop. – Group Policies linked to the Sydney office OU must apply to all of the virtual desktops that are used by the Sydney office users. What should you do?

Answer: A Explanation: According to Microsoft “Personal virtual desktops are permanently assigned to a user account and the user logs on to the same virtual desktop each time.” What is a personal virtual desktop? – A personal virtual desktop is a virtual machine hosted on a Remote Desktop Virtualization Host (RD Virtualization Host) server and assigned to a user. Unlike a virtual desktop pool, where a virtual machine can be configured to rollback the changes when a user logs off, a personal virtual desktop retains all changes made by the user. How do you assign a personal virtual desktop? – The Remote Desktop Connection Broker Manager (RD Connection Broker Manager) can be used to assign an unassigned virtual machine to a user. The assignment is stored in Active Directory. The assignment stays intact even after the user logs off from his or her assigned personal virtual desktop. An administrator can reassign a personal virtual desktop or make changes to the assignment through RD Connection Broker Manager. http://blogs.msdn.com/b/rds/archive/2009/11/16/personal-virtual-desktops.aspxhttp://deploymywindows.blogspot.com.es/2012/10/windows-server-2012-virtual- desktop_9500.htmlhtml

QUESTION 22 Your network contains an Active Directory domain named contoso.com. The domain contains a Virtual Desktop Infrastructure (VDI). The VDI contains four servers. The servers are configured as shown in the following table. You need to recommend a solution to track the amount of time required to create virtual desktops. What should you include in the recommendation?

QUESTION 23 Your company has a main office and a branch office. The network contains an Active Directory domain named contoso.com. The domain contains two servers named Server1 and Server2 that run Windows Server 2012. Server1 has the Windows Server Update Services server role installed and configured. Server1 is located in the main office. Server2 is located in the branch office. You plan to install Windows Server update Services (WSUS) on Server2. You need to configure the update infrastructure to meet the following requirements: – Only updates approved by the administrator in the main office must be installed on client computers in the branch office. – The local administrator in the branch office must not be able to approve updates. – Bandwidth usage between the offices must be minimized. What should you do?

A. Configure Server2 as a downstream server in autonomous mode. B. On Server1, configure a computer group that contains the client computers in the branch office, and then set the approvals to Automatic. C. On Server1, configure a client computer group that contains Server2, and then set the approvals to Automatic. D. Configure Server2 as a downstream server in replica mode.

Answer: D Explanation:

QUESTION 24 Your network contains an Active Directory domain named contoso.com. The domain contains two servers named Server1 and Server2 that have the Windows Deployment Services server role installed. You use Windows Deployment Services (WDS) to deploy operating systems to client computers. Server1 contains two boot images and two install images of Windows 8. You copy the images to the appropriate WDS image folders on Server2. You need to ensure that you can use the images on Server2 to install the client computers. What should you do on Server2?

A. Run wdsutil.exe and specify the /bcdrefreshpolicy parameter. B. Run bcdboot.exe and specify the /addlast parameter. C. Run wdsutil.exe and specify the /resetbootprogram parameter. D. Run bcdboot.exe and specify the fm parameter.

Answer: A Explanation: WDSUTIL /set-server /BcdRefreshPolicy /Enabled:yes /RefreshPeriod:<time in minutes> Causes the server to regenerate BCD stores in the \Tmp folder for all boot images. If you do not configure this policy or if your refresh period is too long, network boots will fail with the following error message: “The boot selection failed because a required device is inaccessible.” (0xc000000f). This is because the server must be regenerate the corresponding BCD before a client can receive a boot image from the server.

QUESTION 25 Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1 that has the Windows Deployment Services server role installed. Server1 hosts a single install image of Windows 8 (x64) and 200 driver groups. Each driver group has a different set of filters configured. You are preparing to deploy windows 8 to a new hardware model. You need to recommend a solution to identify which drivers from the existing driver groups will be deployed to the new hardware model. What should you do first?

Answer: A Explanation: The Expected Deployment Results Wizard is a new feature in Windows 2012 Server WDS,which allows administrators to view deployment information – such as the set of matching driver groups that would be sent to a prestaged device. It enables administrators to model the process of deploying a computer and seeing what boot images, install images, driver groups the computer will be offered from the server. It is designed to help administrators efficiently test configuration changes to their servers and see how they impact deployments to all or specific (prestaged) computers. The tool is especially valuable when used to test some of the advanced configuration options afforded by the WDS infrastructure for custom deployments.

QUESTION 26 Drag and Drop Question Your network contains an Active Directory domain named contoso.com. The domain contains a file server named Server1. Server1 contains a shared folder named Share1. The domain has Microsoft System Center 2012 Configuration Manager deployed. All client computers run Windows 7. You plan to upgrade all of the client computers in the marketing department to Windows 8. You will migrate the user settings by using the User State Migration Tool (USMT). You need to capture the user state on each client computer. The solution must exclude offline files from the captured data. Which three actions should you perform? To answer, move the three appropriate actions from the list of actions to the answer area and arrange them in the correct order. Answer:

QUESTION 27 Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1 that has Microsoft System Center 2012 Configuration Manager installed. All client computers run Windows 7. You plan to deploy Windows 8 to all of the client computers. You discover that the Client Replace Task Sequence task sequence is unavailable from the Configuration Manager console. You need to ensure that the Client Replace Task Sequence task sequence is available from Configuration Manager. What should you install on Server1?

Answer: D Explanation: The Client Replace Task Sequence will only be available if we integrate MDT in SCCM:

QUESTION 28 Your company has a main office and five branch offices. The network contains an Active Directory domain named contoso.com. The domain contains 500 client computers. All of the client computers run Windows 7. An Active Directory site exists for each office. You plan to deploy a custom image to the client computers. You need to recommend a deployment solution to meet the following requirements: – Each computer must be able to download the image from a server in the local office. – User interaction during the deployment must not be required. – You must be able to deploy the images after business hours. What should you include in the recommendation? More than one answer choice may achieve the goal. Select the BEST answer.

A. Deploy Microsoft Deployment Toolkit (MDT) 2012 in the main office and a Windows Deployment Services (WDS) server in each office. B. Deploy Microsoft System Center 2012 Orchestrator in the main office and a Windows Deployment Services (WDS) server in each office. C. Deploy Microsoft System Center 2012 Configuration Manager in the main office and a distribution point in each office. D. Deploy Microsoft Deployment Toolkit (MDT) 2012 and Microsoft System Center 2012 Configuration Manager in each office.

Answer: C

QUESTION 29 Drag and Drop Question Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1 that has Microsoft System Center 2012 Configuration Manager installed. Configuration Manager has all of the system roles enabled. The domain contains 500 client computers that run Windows XP. You need to install Windows 8 on all of the client computers by running a full installation from a Configuration Manager task sequence. The solution must meet the following requirements: – All user state data must be copied to a secure network location before the installation of Windows 8. – All user state data must be retained on the network after the installation of Windows 8. Which five actions should you include in the task sequence? To answer, move the five appropriate actions from the list of actions to the answer area and arrange them in the correct order. Answer:

QUESTION 30 Your network contains an Active Directory domain named contoso.com. You have 20 secure client computers that do not have DVD drives or USB ports. The client computers run Windows XP and use an application named Appl. App1 only runs on Windows XP. The client computers have multiple partitions. You need to configure the client computers to dual-boot between Windows XP and Windows 8. You copy the Windows 8 source files to a network share. What should you do next from the network share?

A. Copy Install.wim to the local hard disk drive, and then run bcdedit.exe. B. Copy Boot.wim to the local hard disk drive, and then run bcdboot.exe. C. Run dism.exe. D. Run setup.exe.

QUESTION 11 Your network contains a server named Server1 that runs Windows Server 2012. Server1 has the Windows Deployment Services server role installed. You have a virtual machine named VM1. VM1 is configured as shown in the exhibit. (Click the Exhibit button.) You need to ensure that you can capture an image of VM1 by using Windows Deployment Services (WDS). What should you do?

A. Add a legacy network adapter to VM1 and a capture image to Server1. B. Add an install image and a capture image to Server1. C. Add a legacy network adapter to VM1 and a discovery image to Server1. D. Add a discovery image and a capture image to Server1.

Answer: A Explanation: Add a legacy network adapter to VM1 and a capture image to Server1. Without the exhibit, we can only guess that the VM is configured without a legacy network adapter. PXEis only available on a legacy network adapter in HV.

QUESTION 12 Your network contains an Active Directory domain named contoso.com. The domain contains two servers named Server1 and Server2 that have the Windows Deployment Services server role installed. Server1 is located on the same network segment as the client computers. Server2 is a standalone Windows Deployment Services (WDS) server that is used for testing. Server2 is located on a different network segment than the client computers. You add a new image of Windows 8 named TestImage to Server2. You plan to deploy the image to several test client computers. You need to ensure that when the test client computers start, they connect automatically to WDS on Server2. What should you use to start the client computers?

Answer: C Explanation: A discover image is a type of boot image that you can use to install an operating system on a computer that is not capable of network booting using the Pre-Boot Execution Environment (PXE). You may want to use a discover image in the following scenarios: A client is not PXE-enabled. A client is on a different subnet and you do not have method of getting PXE to the client (for example, IP helper tables or Dynamic Host Control Protocol (DHCP)). You have many Windows Deployment Services servers and want to target a specific server. When you boot a computer into a discover image, the Windows Deployment Services client will locate a Windows Deployment Services server, and then you can choose the install image you want to install. You can specify a destination server and the discover image will locate and install the image from the server automatically. You can also configure discover images to target a specific Windows Deployment Services server. This means that if you have multiple servers in your environment, you can create a discover image for each one, and then name them based on the name of the server. Creating Discover Images.

QUESTION 13 Your network contains a server named Server1 that runs Windows Server 2012. You plan to deploy Windows 8 to 200 client computers to meet the following requirements: – Ten executive users must be able to use an application named Appl. Other users must not be able to use Appl. – All users must be able to use Microsoft Office 2010 when their client computer is disconnected from the network. The solution must ensure that the amount of hard disk space used to store the images of Windows 8 is minimized. You need to recommend an image deployment solution that meets the requirements of the planned deployment. Which solution should you recommend?

QUESTION 14 You have a server named Server1 that runs Windows Server 2012. You install the Windows Deployment Services server role on Server1. You plan to deploy Windows 8 to client computers by using Windows Deployment Services (WDS). You need to identify which images are required for the planned deployment. The solution must use the minimum amount of images. Which images should you identify? (Each correct answer presents part of the solution. Choose all that apply.)

Answer: AB Explanation: After you have at least one boot and one install image on the server, you can deploy an install image. The question doesn’t state that you need to capture an existing machine, so you can just use the .wim from the install media. The question does not specify whether clients have enabled or disable the PXE, therefore, the PXE is enable in the clients and not necesary a discover image http://technet.microsoft.com/en-us/library/jj648426.aspx

QUESTION 15 Your network contains an Active Directory domain named contoso.com. The domain contains a server that runs Windows Server 2012. You have an offline image of Windows 8. You download and extract 10 updates from Microsoft Update. You plan to deploy the updates to the image. You need to identify which updates can be fully installed while the image is offline. What should you do?

A. On Server1, run dism.exe and specify the /mountrw parameter and the /get-mountedwiminfo parameter. B. On Server1, run the Mount-WindowsImage cmdlet, and then run the Get-WindowsImage cmdlet. C. On Server1, run the Mount-Windowslmage cmdlet, and then run the Get-WindowsPackage cmdlet. D. On Server1, run dism.exe and specify the /mount parameter and the /get-wiminfo parameter.

Answer: C

QUESTION 16 Your network contains an Active Directory domain named contoso.com. The domain contains a Windows Server Update Services (WSUS) server. The domain has Microsoft System Center 2012 Configuration Manager and Microsoft System Center 2012 Virtual Machine Manager (VMM) deployed. Users in the finance department connect to a managed pooled virtual desktop collection. You need to recommend a strategy to apply operating system updates to the virtual desktops used by the finance users. What should you recommend? More than one answer choice may achieve the goal. Select the BEST answer.

QUESTION 17 Your network contains an Active Directory domain named contoso.com. The domain contains a Virtual Desktop Infrastructure (VDI). The VDI contains three servers. The servers are configured as shown in the following table. You need to identify the last 30 users who attempted to connect to a virtual desktop. What should you do?

A. On Server1, create a Data Collector Set (DCS) by using Performance Monitor. B. On Server1, run rdvdiag.exe. C. On Server2 and Server3, run rdvdiag.exe. D. On Server2 and Server3, create a Data Collector Set (DCS) by using Performance Monitor.

Answer: B Explanation: Found in a MS .doc file concerning the troubleshooting of VDI deployment: RDVDiag must be run on the Connection Broker server that is used to managed the deployment using RDMS. The Connections tab in rdvdiag.exe lists all of the connections to the collections in the deployment. Click Start to list the last 30 connections and display the ConnGuid field, which is the Connection GUID for that connection. RDVDIAG

QUESTION 18 Your network contains a managed pooled virtual desktop collection named Collection1. Collection1 contains five virtual desktops named VD1, VD2, VD3, VD4, and VD5. You need to deploy an application named App1 to the virtual machines. App1 must be available as quickly as possible to every user who uses a virtual desktop. What should you do?

A. Run the Recreate All Virtual Desktops wizard, and then install App1 on the parent virtual machine. B. Install App1 on the parent virtual machine, and then run the Recreate All Virtual Desktops wizard. C. Run the Recreate All Virtual Desktops wizard, and then install App1 on each virtual desktop. D. Install App1 on each virtual desktop, and then run the Recreate All Virtual Desktops wizard.

Answer: B Explanation: Hyper-V Virtual Machine (VM) Parent-Child Configuration Using Differencing Disks One way to optimize disk space and reduce the number of times that you have to install and update a released operating system is to create parent child configurations using differencing disks in Hyper-V. For example, if you need to install a test lab that will employ three Windows Server 2008 R2 installations: one configured as a domain controller, another configured as an Exchange Server, and a third configured as a SQL Server, you could use a Parent-Child Differencing disk configuration to save the time of installing and updating the Windows Server 2008 R2 installation for all three of those virtual machines. http://social.technet.microsoft.com/wiki/contents/articles/1393.hyper-v-virtual-machine-vm- parentchild-configuration-using-differencing-disks.aspx#InstallOS

QUESTION 19 Your network contains a Virtual Desktop Infrastructure (VDI), The VDI contains five Hyper-V hosts. The Hyper-V hosts are in a failover cluster. You need to recommend a solution to distribute automatically the virtual desktops based on the current resource usage of the Hyper-V hosts. What should you include in the recommendation?

QUESTION 20 Your network contains an Active Directory domain named contoso.com. The domain has Microsoft System Center 2012 Configuration Manager deployed. You use Configuration Manager to deploy Windows updates to client computers. Your company has several line-of-business applications deployed. The application developer uses Windows Installer patches (.msp files) to provide the company with application updates. You need to recommend a solution to integrate the deployment of the application updates into the current update infrastructure. What should you include in the recommendation?

Answer: D Explanation: System Center Updates Publisher Updates Publisher 2011 is an application that can be used with System Center Configuration Manager to enable independent software vendors or line-of-business application developers and IT administrators to: Import software updates from catalogs created by non-Microsoft organizations or created from within the administrator’s organization Create and modify software update definitions Create applicability and deployment metadata for software updates Export software update definitions to other Updates Publisher 2011 consoles Publish software updates to a configured update server By using Updates Publisher to define software updates and publish them to the update server, administrators you can begin detecting and deploying published software updates with System Center Configuration Manager to client and server computers in your organization. New in System Center Updates Publisher 2011 An improved user interface that allows better control of managing software updates. A new automatic publication type with which Updates Publisher 2011 can query Configuration Manager to determine whether the selected software update or software update bundle is published with full content or only metadata. A new Software Update Cleanup Wizard that you can use to expire software updates that exist on the update server, but are not in the Updates Publisher 2011 repository. The ability to create Software Update bundles. The ability to define prerequisite updates and superseded updates as part of a software update definition Hyperlink

QUESTION 1 Your network contains an Active Directory domain named contoso.com. The domain contains an internal network and a perimeter network. The perimeter network contains a server named Gateway1 that has the Remote Desktop Gateway role service installed. From the Internet, all of the domain users can access several Remote Desktop Session Host (RD Session Host) servers on the internal network by using Remote Desktop Gateway (RD Gateway) on Gateway1. Currently, the users cannot access their internal desktop computer from the Internet by using RD Gateway on Gateway1. On the internal network, a user named User1 has a client computer named Computer1 that runs Windows 8. You enable Remote Desktop on Computer1. You need to ensure that User1 can access Computer1 from the Internet by using a Remote Desktop connection. What should you configure?

Answer: D Explanation: The users can access to the Remote Desktop Session Host (RD Session Host) servers on the internal network by using Remote Desktop Gateway, but, they can’t access to particular computer. RD RAPs RD RAPs allow you to specify the internal network resources that remote users can connect to through an RD Gateway server. When you create an RD RAP, you can create a computer group (a list of computers on the internal network to which you want the remote users to connect) and associate it with the RD RAP. Remote users connecting to an internal network through an RD Gateway server are granted access to computers on the network if they meet the conditions specified in at least one RD CAP and one RD RAP. Understanding Authorization Policies for Remote Desktop Gateway

QUESTION 2 Your network contains an Active Directory domain named contoso.com. The domain contains servers that run Windows Server 2012. You plan to deploy a Remote Desktop Virtualization Host (RD Virtualization Host) that will contain five virtual desktops. The requirement of each virtual desktop is shown in the following table. You need to identify which virtual desktop or virtual desktops require a virtual SCSI controller. Which virtual desktop or desktops should you identify? (Each correct answer presents part of the solution. Choose all that apply.)

A. VD1 B. VD2 C. VD3 D. VD4 E. VD5

Answer: AD

QUESTION 3 You have a server named Server1. You open Server Manager on Server1 as shown in the exhibit. (Click the Exhibit button.) You need to ensure that you can publish RemoteApp programs. What should you do?

QUESTION 4 Your network contains an Active Directory domain named contoso.com. The domain has Remote Desktop Services (RDS) deployed. The domain contains six servers. The servers are configured as shown in the following table. You plan to configure Server6 as an additional RD Connection Broker in the RDS deployment. You need to identify which servers require the SQL Server Native Client installed. Which servers should you identify? (Each correct answer presents part of the solution. Choose all that apply.)

A. Server1 B. Server2 C. Server3 D. Server4 E. Server5 F. Server6

Answer: CF Explanation: You must have a SQL Server setup that can be used by the RD Connection Broker servers to store data. At least SQL Server 2008 R2 must be used, and the minimum recommended SQL Server SKU for this is Standard with at least 4GB of RAM. RD Connection Broker High Availability in Windows Server 2012

QUESTION 5 Your network contains an Active Directory domain named contoso.com. The domain has Remote Desktop Services (RDS) deployed. The domain contains two servers named Server1 and Server2 that have the Remote Desktop Web Access role service installed. The RD Web Access sites are accessible by using the URL https://rdp.contoso.com/rdweb. You connect to https://rdp.contoso.com/rdweb and you receive the error message shown in the exhibit. (Click the Exhibit button.) You need to prevent the error message from appearing when users connect to the RD Web Access sites. You obtain a server certificate for rdp.contoso.com from a trusted certification authority (CA). What should you do next? More than one answer choice may achieve the goal. Select the BEST answer.

A. On Server1 and Server2, open the Certificates console and import the server certificate to the Trusted Publishers store. B. On Server1 and Server2, open the Certificates console and import the server certificate to the Remote Desktop certificate store. C. From Server Manager, open the properties of the RDS deployment and select the server certificate. D. On Server1 and Server2, open Internet Information Services (IIS) Manager and modify the bindings of the Default Web Site.

QUESTION 6 You manage a pooled virtual desktop collection named Collection1. Collection1 is configured to use user profile disks. You need to ensure that when users log off of their virtual desktop, the contents of the Downloads, Music, and Pictures folders are deleted. The contents of the other profile folders must be retained. What should you do?

A. From a Group Policy object (GPO), modify the Folder Redirection settings. B. From the properties of each user account, modify the Remote Desktop Service Profile settings. C. From Server Manager, modify the properties of Collection1. D. From the properties of each user account, modify the Sessions settings.

Answer: C Explanation:

QUESTION 7 Hotspot Question You have a server named Server1 that runs Windows Server 2012. Server1 has the Remote Desktop Virtualization Host role service installed. You plan to create two virtual desktop collections named Collection1 and Collection2. Each collection will support a separate group of users. The requirements of each collection are shown in the following table. You need to identify the required configuration for each collection. What should you identify? To answer, select the appropriate Collection type and Management type for each collection in the dialog box in the answer area. Answer:

QUESTION 8 Your network contains an Active Directory domain named contoso.com. The domain contains five servers. The servers are configured as shown in the following table. You plan to deploy the Virtual Machine Servicing Tool (VMST) 3.0. You need to identify on which server VMST 3.0 must be installed. Which server should you identify?

A. Server1 B. Server2 C. Server3 D. Server4 E. Server5

Answer: B Explanation: VMST3 must be installed on the same server as the VMM Administrator Console (which provides the Windows PowerShell support).

QUESTION 9 You have a corporate image of Windows 8 named Imagel.wim. You deploy Image1 from a bootable USB flash drive to a client computer named Computer1. You add several applications to Image1 and configure the applications. You need to capture the modified image to the bootable USB flash drive as Image2. The solution must meet the following requirements: • The amount of disk space required for storage must be minimized. • The settings of Image1 must be retained. You start the client computer from a Windows Pre-installation Environment (Windows PE) deployment image. What should you do next? (Each correct answer presents a complete solution. Choose all that apply.)

A. Run the diskpart select command. B. Run the dism.exe command and specify the /append-image parameter. C. Run the dism.exe command and specify the /capture-image parameter. D. Run the imagex.exe command and specify the /capture parameter. E. Run the diskpart attach command. F. Run the imagex.exe command and specify the /append parameter.

QUESTION 10 Your network contains an Active Directory domain named contoso.com. You have a custom image of Windows 8 that contains a Windows Store application named Appl. You need to remove App1 completely from the image. You must achieve the goal by using the minimum amount of administrative effort. What should you do?

A. Run the dism.exe command and specify the /image parameter and the /Remove-Package parameter. B. Run the dism.exe command and specify the /image parameter and the /Remove- ProvisionedAppxPackage parameter. C. Run the imagex.exe command and specify the /mountrw parameter and the /delete parameter. D. Run the imagex.exe command and specify the /mountrw parameter and the /cleanup parameter.

QUESTION 241 Your network contains two servers named Server1 and Server2 that run Windows Server 2008 R2. Server1 and Server2 are nodes in a failover cluster named Cluster1. The network contains two servers named Server3 and Server4 that run Windows Server 2012 R2. Server3 and Server4 are nodes in a failover cluster named Cluster2. You need to move all of the applications and the services from Cluster1 to Cluster2. What should you do first from Failover Cluster Manager?

A. On a server in Cluster1, click Move Core Cluster Resources, and then click Select Node. B. On a server in Cluster2, configure Cluster-Aware Updating. C. On a server in Cluster1, configure Cluster-Aware Updating. D. On a server in Cluster2, click Migrate Roles.

Answer: A

QUESTION 242 Your network contains two servers named HV1 and HV2. Both servers run Windows Server 2012 R2 and have the Hyper-V server role installed. HV1 hosts 25 virtual machines. The virtual machine configuration files and the virtual hard disks are stored in D:\VM. You shut down all of the virtual machines on HV1. You copy D:\VM to D:\VM on HV2. You need to start all of the virtual machines on HV2. You want to achieve this goal by using the minimum amount of administrative effort. What should you do?

A. Run the Import-VMInitialReplication cmdlet. B. From HV1, export all virtual machines to D:\VM. Copy D:\VM to D:\VM on HV2 and overwrite the existing files. On HV2, run the Import Virtual Machine wizard. C. From HV1, export all virtual machines to D:\VM. Copy D:\VM to D:\VM on HV2 and overwrite the existing files. On HV2, run the New Virtual Machine wizard. D. Run the Import-VM cmdlet.

Answer: D

QUESTION 243 Your company recently deployed a new Active Directory forest named contoso.com. The first domain controller in the forest runs Windows Server 2012 R2. You need to identify the time-to-live (TTL) value for domain referrals to the NETLOGON and SYSVOL shared folders. Which tool should you use?

A. Ultrasound B. Replmon C. Dfsdiag D. Frsutil

Answer: C

QUESTION 244 Your network contains an Active Directory domain named contoso.com. The domain contains two member servers named Server1 and Server2 that run Windows Server 2012 R2. Server1 has Microsoft SQL Server 2012 installed. You install the Active Directory Federation Services server role on Server2. You need to configure Server2 as the first Active Directory Federation Services (AD FS) server in the domain. The solution must ensure that the AD FS database is stored in a SQL Server database on Server1. What should you do on Server2?

Answer: A Explanation: To create the first federation server in a federation server farm There are two ways to start the AD FS Federation Server Configuration Wizard. On the Welcome page, verify that Create a new Federation Service is selected, and then click Next. On the Select Stand-Alone or Farm Deployment page, click New federation server farm, and then click Next. On the Specify the Federation Service Name page, verify that the SSL certificate that is showing is correct. If this is not the correct certificate, select the appropriate certificate from the SSL certificate list. Etc. Note: After you install the Federation Service role service and configure the required certificates on a computer, you are ready to configure the computer to become a federation server. You can use the following procedure to set up the computer to become the first federation server in a new federation server farm using the AD FS Federation Server Configuration Wizard. The act of creating the first federation server in a farm also creates a new Federation Service and makes this computer the primary federation server. This means that this computer will be configured with a read/write copy of the AD FS configuration database. All other federation servers in this farm must replicate any changes that are made on the primary federation server to their read-only copies of the AD FS configuration database that they store locally. Reference: To create the first federation server in a federation server farm

QUESTION 245 Your network contains two servers that run Windows Server 2012 R2 named Server1 and Server2. Both servers have the File Server role service installed. On Server2, you create a share named Backups. From Windows Server Backup on Server1, you schedule a full backup to run every night. You set the backup destination to \\Server2 \Backups. After several weeks, you discover that \\Server2\Backups only contains the last backup that completed on Server1. You need to ensure that multiple backups of Server1 are maintained. What should you do?

A. Modify the Volume Shadow Copy Service (VSS) settings. B. Modify the properties of the Windows Store Service (WSService) service. C. Change the backup destination, D. Configure the permission of the Backups share.

Answer: C

QUESTION 246 Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1 that runs Windows Server 2012 R2. Server1 has an enterprise root certification authority (CA) for contoso.com. You deploy another member server named Server2 that runs Windows Server 2012 R2 and has the Web Server (IIS) server role installed. You need to designate a website on Server1 as the certificate revocation list (CRL) distribution point for the C A. The solution must ensure that CRLs are published automatically to Server2. Which two actions should you perform? (Each correct answer presents part of the solution. Choose two.)

Answer: AE Explanation: A: To specify CRL distribution points in issued certificates Open the Certification Authority snap-in. In the console tree, click the name of the CA. On the Action menu, click Properties , and then click the Extensions tab. Confirm that Select extension is set to CRL Distribution Point (CDP) . Do one or more of the following. (The list of CRL distribution points is in the Specify locations from which users can obtain a certificate revocation list (CRL) box.) / To indicate that you want to use a URL as a CRL distribution point Click the CRL distribution point, select the Include in the CDP extension of issued certificates check box, and then click OK . Click Yes to stop and restart Active Directory Certificate Services (AD CS). E: You can specify CRL Distribution Points (CDPs) in CAPolicy.inf. Note that any CDP in CAPolicy.inf will take precedence for certificate verifiers over the CDP’s specified in the CA policy module. Note: CRLDistributionPoint You can specify CRL Distribution Points (CDPs) for a root CA certificate in the CAPolicy.inf. This section does not configure the CDP for the CA itself. After the CA has been installed you can configure the CDP URLs that the CA will include in each certificate that it issues. The URLs specified in this section of the CAPolicy.inf file are included in the root CA certificate itself. Example: [CRLDistributionPoint] URL=http://pki.wingtiptoys.com/cdp/WingtipToysRootCA.crl

QUESTION 247 Your network contains an Active Directory domain named adatum.com. You create a new Group Policy object (GPO) named GPO1. You need to verify that GPO1 was replicated to all of the domain controllers. Which tool should you use?

QUESTION 248 Your network contains an Active Directory domain named contoso.com. The domain contains two domain controllers named DC1 and DC2. You install Windows Server 2012 R2 on a new computer named DC3. You need to manually configure DC3 as a domain controller. Which tool should you use?

Answer: B Explanation: When you try to DCpromo a Server 2012, you get this message:

QUESTION 249 Your network contain an active directory domain named Contoso.com. The domain contains two servers named server1 and server2 that run Windows Server 2012 R2. You create a security template named template1 by using the security template snap-in. You need to apply template1 to server2. Which tool should you use?

QUESTION 250 Your network contains an Active Directory forest named contoso.com. All servers run Windows Server 2012 R2. You need to create a custom Active Directory Application partition. Which tool should you use?

A. Netdom B. Ntdsutil C. Dsmod D. Dsamain

Answer: B Explanation: * To create or delete an application directory partition Open Command Prompt. Type:ntdsutil At the ntdsutil command prompt, type:domain management At the domain management command prompt, type:connection At the server connections command prompt, type:connect to server ServerName At the server connections command prompt, type:quit At the domain management command prompt, do one of the following: * partition management Manages directory partitions for Active Directory Domain Services (AD DS) or Active Directory Lightweight Directory Services (AD LDS). This is a subcommand of Ntdsutil and Dsmgmt. Ntdsutil and Dsmgmt are command-line tools that are built into Windows Server 2008 and Windows Server 2008 R2. / partition management create nc %s1 %s2 Creates the application directory partition with distinguished name %s1, on the Active Directory domain controller or AD LDS instance with full DNS name %s2. If you specify “NULL” for %s2, this command uses the currently connected Active Directory domain controller. Use this command only with AD DS. For AD LDS, use create nc %s1 %s2 %s3. Note: * An application directory partition is a directory partition that is replicated only to specific domain controllers. A domain controller that participates in the replication of a particular application directory partition hosts a replica of that partition.

QUESTION 231 You have a server named Server1 that runs Windows Server 2012 R2. You download and install the Windows Azure Online Backup Service Agent on Server1. You need to ensure that you can configure an online backup from Windows Server Backup. What should you do first?

A. From Windows Server Backup, run the Register Server Wizard. B. From Computer Management, add the Server1 computer account to the Backup Operators group. C. From a command prompt, run wbadmin.exe enable backup. D. From the Services console, modify the Log On settings of the Windows Azure Online Backup Service Agent.

Answer: A Explanation: A. Enables you to back up and restore your operating system, volumes, files, folders, and applications from a command prompt. B. To register a server for use with Windows Azure Backup you must run the register server wizard http://technet.microsoft.com/en-us/library/hh831677.aspx

QUESTION 232 Your network contains an Active Directory forest named contoso.com. The forest contains two domains named contoso.com and childl.contoso.com. The domains contain three domain controllers. The domain controllers are configured as shown in the following table. You need to ensure that the KDC support for claims, compound authentication, and kerberos armoring setting is enforced in the child1.contoso.com domain. Which two actions should you perform? (Each correct answer presents part of the solution. Choose two.)

Answer: BD Explanation: If you want to create access control based on claims and compound authentication, you need to deploy Dynamic Access Control. This requires that you upgrade to Kerberos clients and use the KDC, which support these new authorization types. With Windows Server 2012 R2, you do not have to wait until all the domain controllers and the domain functional level are upgraded to take advantage of new access control options http://technet.microsoft.com/en-us/library/hh831747.aspx.

QUESTION 233 Your network contains an Active Directory domain named contoso.com. The domain contains a main office and a branch office. An Active Directory site exists for each office. All domain controllers run Windows Server 2012 R2. The domain contains two domain controllers. The domain controllers are configured as shown in the following table. DC1 hosts an Active Directory-integrated zone for contoso.com. You add the DNS Server server role to DC2. You discover that the contoso.com DNS zone fails to replicate to DC2. You verify that the domain, schema, and configuration naming contexts replicate from DC1 to DC2. You need to ensure that DC2 replicates the contoso.com zone by using Active Directory replication. Which tool should you use?

Answer: C Explanation: Repadmin.exe is a command line tool that is designed to assist administrators in diagnosing, monitoring, and troubleshooting Active Directory replication problems. Reference: Repadmin Introduction and Technology Overview Note: If you see question about AD Replication, First preference is AD sites and services, then Repadmin and then DNSLINT.

QUESTION 234 Your network contains an Active Directory domain named contoso.com. The domain contains a main office and a branch office. An Active Directory site exists for each office. All domain controllers run Windows Server 2012 R2. The domain contains two domain controllers. The domain controllers are configured as shown in the following table. DC1 hosts an Active Directory-integrated zone for contoso.com. You add the DNS Server server role to DC2. You discover that the contoso.com DNS zone fails to replicate to DC2. You verify that the domain, schema, and configuration naming contexts replicate from DC1 to DC2. You need to ensure that DC2 replicates the contoso.com zone by using Active Directory replication. Which tool should you use?

Answer: C Explanation: The primary tool that you use to manage DNS servers is DNS Manager, the DNS snap-in in Microsoft Management Console (MMC), which appears as DNS in Administrative Tools on the Start menu. You can use DNS Manager along with other snapins in MMC, further integrating DNS administration into your total network management. It is also available in Server Manager on computers with the DNS Server role installed. You can use DNS Manager to perform the following basic administrative server tasks: * Performing initial configuration of a new DNS server. * Connecting to and managing a local DNS server on the same computer or remote DNS servers on other computers. * Adding and removing forward and reverse lookup zones, as necessary. * Adding, removing, and updating resource records in zones. * Modifying how zones are stored and replicated between servers. * Modifying how servers process queries and handle dynamic updates. Modifying security for specific zones or resource records. In addition, you can also use DNS Manager to perform the following tasks: * Perform maintenance on the server. You can start, stop, pause, or resume the server or manually update server data files. * Monitor the contents of the server cache and, as necessary, clear it. * Tune advanced server options. Configure and perform aging and scavenging of stale resource records that are stored by the server. Reference: DNS Tools

QUESTION 235 Your network contains an Active Directory domain named contoso.com. All domain controllers run Windows Server 2012 R2. The domain contains two domain controllers. The domain controllers are configured as shown in the following table. The Branch site contains a perimeter network. For security reasons, client computers in the perimeter network can communicate with client computers in the Branch site only. You plan to deploy a new RODC to the perimeter network in the Branch site. You need to ensure that the new RODC will be able to replicate from DC10. What should you do first on DC10?

A. Run dcpromo and specify the /createdcaccount parameter. B. Run the Active Directory Domain Services Configuration Wizard. C. Run the Add-ADDSReadOnlyDomainControllerAccount cmdlet. D. Enable the Bridge all site links setting.

Answer: C Explanation: Creates a read-only domain controller (RODC) account that can be used to install an RODC in Active Directory. Note: * Notes Once you have added the RODC account, you can add an RODC to a server computer by using the Install-ADDSDomainController cmdlet with the -ReadOnlyReplica switch parameter. * Example Adds a new read-only domain controller (RODC) account to the corp.contoso.com domain using the North America site as the source site for the replication source domain controller. C:\PS>Add-ADDSReadOnlyDomainControllerAccount -DomainControllerAccountName RODC1 -DomainName corp.contoso.com -SiteName NorthAmerica Reference: Add-ADDSReadOnlyDomainControllerAccount

QUESTION 236 Your network contains an Active Directory domain named contoso.com. All servers run Windows Server 2012 R2. The domain contains a domain controller named DC1 that is configured as an enterprise root certification authority (CA). All users in the domain are issued a smart card and are required to log on to their domainjoined client computer by using their smart card. A user named User1 resigned and started to work for a competing company. You need to prevent User1 immediately from logging on to any computer in the domain. The solution must not prevent other users from logging on to the domain. Which tool should you use?

QUESTION 237 You have a server named Server1 that runs Windows Server 2012 R2. Server1 has the DNS Server server role installed. You need to store the contents of all the DNS queries received by Server1. What should you configure?

QUESTION 238 You have a server named LON-DC1 that runs Windows Server 2012 R2. An iSCSI virtual disk named VirtuahSCSIl.vhd exists on LON-DC1 as shown in the exhibit. (Click the Exhibit button.) You create a new iSCSI virtual disk named VirtualiSCSI2.vhd by using the existing itgt iSCSI target. VirtuahSCSI1.vhd is removed from LON-DC1. You need to assign VirtualiSCSI2.vhd a logical unit value of 0. What should you do?

A. Run the Set-IscsiVirtualDisk cmdlet and specify the -DevicePath parameter. B. Run the iscsicpl command and specify the virtualdisklun parameter. C. Modify the properties of the itgt ISCSI target. D. Run the Set-VirtualDisk cmdlet and specify the -Uniqueld parameter.

Answer: D Explanation: Set-VirtualDisk Modifies the attributes of an existing virtual disk. Applies To: Windows Server 2012 R2 -UniqueId<String> Specifies an ID used to uniquely identify a Disk object in the system. The ID persists through restarts. Note: Logical unit numbers (LUNs) created on an iSCSI disk storage subsystem are not directly assigned to a server. For iSCSI, LUNs are assigned to logical entities called targets. Incorrect: Not A: Set-IscsiVirtualDisk Modifies the settings for the specified iSCSI virtual disk. -Path<String> (alias: DevicePath) Specifies the path of the virtual hard disk (VHD) file that is associated with the iSCSI virtual disk. Filter the iSCSI Virtual Disk object using this parameter. Not B: iscsicpl.exe could is the Microsoft iSCSI Initiator Configuration Tool. Microsoft Internet iSCSI Initiator enables you to connect a host computer that is running Windows 7 or Windows Server 2008 R2 to an external iSCSI-based storage array through an Ethernet network adapter.

QUESTION 239 You have a Hyper-V host named Server1 that runs Windows Server 2012 R2. Server1 contains a virtual machine named VM1 that runs Windows Server 2012 R2. You fail to start VM1 and you suspect that the boot files on VM1 are corrupt. On Server1, you attach the virtual hard disk (VHD) of VM1 and you assign the VHD a drive letter of F. You need to repair the corrupt boot files on VM1. What should you run?

QUESTION 240 Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1 that runs Windows Server 2012 R2 and has the DNS Server server role installed. Server1 has a zone named contoso.com. The zone is configured as shown in the exhibit. (Click the Exhibit button.) You need to assign a user named User1 permission to add and delete records from the contoso.com zone only. What should you do first?

A. Enable the Advanced view from DNS Manager. B. Add User1 to the DnsUpdateProxy group. C. Run the New Delegation Wizard. D. Configure the zone to be Active Directory-integrated.

QUESTION 221 Your network contains an Active Directory domain named contoso.com. The domain contains two member servers named Server1 and Server2. All servers run Windows Server 2012 R2. Server1 and Server2 have the Failover Clustering feature installed. The servers are configured as nodes in a failover cluster named Cluster1. Cluster1 contains a file server role named FS1 and a generic service role named SVC1. Server1 is the preferred node for FS1. Server2 is the preferred node for SVC1. You plan to run a disk maintenance tool on the physical disk used by FS1. You need to ensure that running the disk maintenance tool does not cause a failover to occur. What should you do before you run the tool?

A. Run cluster.exe and specify the pause parameter. B. Run cluster.exe and specify the offline parameter. C. Run Suspend-ClusterResource D. Run Suspend-ClusterNode.

Answer: B

QUESTION 222 Your network contains an Active Directory domain named contoso.com. The domain contains two member servers named Server1 and Server2. All servers run Windows Server 2012 R2. Server1 and Server2 have the Failover Clustering feature installed. The servers are configured as nodes in a failover cluster named Cluster1. Cluster1 contains a Clustered Shared Volume (CSV). A developer creates an Application named App1. App1 is NOT a cluster-aware Application. App1 stores data in the file system. You need to ensure that App1 runs in Cluster1. The solution must minimize development effort. Which cmdlet should you run?

QUESTION 223 Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1 that runs Windows Server 2012 R2. Server1 is an enterprise root certification authority (CA) for contoso.com. Your user account is assigned the certificate manager role and the auditor role on the contoso.com CA. Your account is a member of the local Administrators group on Server1. You enable CA role separation on Server1. You need to ensure that you can manage the certificates on the CA. What should you do?

QUESTION 224 Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1 that runs Windows Server 2012 R2 and has the DHCP Server server role installed. An administrator installs the IP Address Management (IPAM) Server feature on a server named Server2. The administrator configures IPAM by using Group Policy based provisioning and starts server discovery. You plan to create Group Policies for IPAM provisioning. You need to identify which Group Policy object (GPO) name prefix must be used for IPAM Group Policies. What should you do on Server2?

A. From Server Manager, review the IPAM overview. B. Run the ipamgc.exe tool. C. From Task Scheduler, review the IPAM tasks. D. Run the Get-IpamConfiguration cmdlet.

Answer: A

QUESTION 225 Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1 that runs Windows Server 2012 R2. The system properties of Server1 are shown in the exhibit. (Click the Exhibit button.) You need to configure Server1 as an enterprise subordinate certification authority (CA). What should you do first?

A. Add RAM to the server. B. Set the Startup Type of the Certificate Propagation service to Automatic. C. Install the Certification Authority Web Enrollment role service. D. Join Server1 to the contoso.com domain.

Answer: D

QUESTION 226 Drag and Drop Question Your network contains an Active Directory domain named contoso.com. The domain contains four member servers named Server1, Server2, Server3, and Server4. Server1 and 5erver2 run Windows Server 2008 R2. Server1 and Server2 have the Hyper-V server role and the Failover Clustering feature installed. Failover Clustering is configured to provide highly available virtual machines by using a cluster named Cluster1. Cluster1 hosts 10 virtual machines. Server3 and Server4 run Windows Server 2012 R2. You install the Hyper-V server role and the Failover Clustering feature on Server3 and Server4. You create a cluster named Cluster2. You need to migrate cluster resources from Cluster1 to Cluster2. The solution must minimize downtime on the virtual machines. Which five actions should you perform? To answer, move the appropriate five actions from the list of actions to the answer area and arrange them in the correct order. Answer: Explanation: Migrate a Cluster Wizard Box 1: Shut down all of the virtual machines in Cluster1. Box 2: Unmask the shared storage to present the storage to Cluster2. Box 3: Mask the shared storage to prevent the storage from being accessed by Cluster1. Box 4: Start the virtual machines in Cluster2. Box 5: From the Failover Cluster Manager in Cluster1, run the Migrate a Cluster Wizard. Note: * The new cluster roles are always created offline – when VMs and users are ready, the following steps should be used during a maintenance window: i. The source VMs should be shut down and turned off. ii. The source cluster CSV volumes that have been migrated should be off-lined. iii. The storage that is common to both clusters (LUNS) should be masked (hidden) from the source cluster, to prevent accidental usage by both clusters. iv. The storage that is common to both clusters (LUNS) should be presented to the new cluster. v. The CSV volumes on the target cluster should be on-lined. vi. The VMs on the target cluster should be on-lined. vii. VMs are migrated and ready for use! * Now that the target cluster has been pre-staged, use the following steps during a maintenance window to cut over to the new Windows Server 2012 R2 cluster: 1. Shutdown all VMs on the source Windows Server 2008 R2 cluster that have been migrated. 2. Configure the storage: a. Unmask the common shared storage (LUNs) so that they are not presented to the Windows Server 2008 R2source cluster Note: Data could become corrupt if they are presented to multiple clusters at the same time. b. Mask the common shared storage (LUNs) to the Windows Server 2012 R2 target cluster.

QUESTION 227 Your network contains an Active Directory domain named contoso.com. The domain contains two member servers named Server1 and Server2. All servers run Windows Server 2012 R2. Server1 and Server2 have the Failover Clustering feature installed. The servers are configured as nodes in a failover cluster named Cluster1. Cluster1 has access to four physical disks. The disks are configured as shown in the following table. You need to identify which disk can be added to a Clustered Storage Space in Cluster1. Which disk should you identify?

A. Disk1 B. Disk2 C. Disk3 D. Disk4

Answer: B

QUESTION 228 You have a server named Server1 that runs Windows Server 2012 R2. Server1 has the File Server Resource Manager role service installed. You attempt to delete a classification property and you receive the error message as shown in the exhibit. (Click the Exhibit button.) You need to delete the is Confidential classification property. What should you do?

A. Delete the classification rule that is assigned the isConfidential classification property. B. Disable the classification rule that is assigned the isConfidential classification property. C. Set files that have an isConfidential classification property value of Yes to No. D. Clear the isConfidential classification property value of all files.

Answer: A

QUESTION 229 You have a server named Server1 that runs Windows Server 2012 R2. Windows Server 2012 R2 is installed on volume C. You need to ensure that Safe Mode with Command Prompt loads the next time Server1 restarts. Which tool should you use?

QUESTION 230 You have a failover cluster named Cluster1 that contains four nodes. All of the nodes run Windows Server 2012 R2. You need to schedule the installation of Windows updates on the cluster nodes. Which tool should you use?

QUESTION 211 Your network contains an Active Directory domain named contoso.com. The domain contains two servers named Node1 and Node2. Node1 and Node2 run Windows Server 2012 R2. Node1 and Node2 are configured as a two-node failover cluster named Cluster2. The computer accounts for all of the servers reside in an organizational unit (OU) named Servers. A user named User1 is a member of the local Administrators group on Node1 and Node2. User1 creates a new clustered File Server role named File1 by using the File Server for general use option. A report is generated during the creation of File1 as shown in the exhibit. (Click the Exhibit button.) File1 fails to start. You need to ensure that you can start File1. What should you do?

A. Log on to the domain by using the built-in Administrator for the domain, and then recreate the clustered File Server role by using the File Server for general use option. B. Recreate the clustered File Server role by using the File Server for scale-out Application data option. C. Assign the computer account permissions of Cluster2 to the Servers OU. D. Assign the user account permissions of User1 to the Servers OU. E. Increase the value of the ms-DS-MachineAccountQuota attribute of the domain.

Answer: B

QUESTION 212 Your network contains two servers named Server1 and Server 2. Both servers run Windows Server 2012 R2 and have the Hyper-V server role installed. Server1 hosts a virtual machine named VM1. The virtual machine configuration files and the virtual hard disks for VM1 are stored in D: \VM1. You shut down VM1 on Server1. You copy D:\VM1 to D:\VM1 on Server2. You need to start VM1 on Server2. You want to achieve this goal by using the minimum amount of administrative effort. What should you do?

A. Run the Import-VMIntialReplication cmdlet. B. Create a new virtual machine on Server2 and attach the VHD from VM1 to the new virtual machine. C. From Hyper-V Manager, run the Import Virtual Machine wizard. D. Run the Import-IscsiVirtualDisk cmdlet.

Answer: C

QUESTION 213 Your network contains an Active Directory forest. The forest contains one domain named adatum.com. The domain contains three domain controllers. The domain controllers are configured as shown in the following table. DC2 has all of the domain-wide operations master roles. DC3 has all of the forest-wide operation master roles. You need to ensure that you can use Password Settings objects (PSOs) in the domain. What should you do first?

QUESTION 214 Your network contains an Active Directory forest named contoso.com. The forest contains three domains. All domain controllers run Windows Server 2012 R2. The forest has a two-way realm trust to a Kerberos realm named adatum.com. You discover that users in adatum.com can only access resources in the root domain of contoso.com. You need to ensure that the adatum.com users can access the resources in all of the domains in the forest. What should you do in the forest?

QUESTION 215 Your network contains an Active Directory domain named contoso.com. The domain contains two domain controllers named DC1 and DC2 that run Windows Server 2012 R2. DC1 and DC2 fail to replicate Active Directory information. You confirm that DC1 and DC2 have network connectivity. The NTDS Settings of DC2 are configured as shown in the NTDS Settings exhibit. (Click tie Exhibit button.)

DNS is configured as shown in the DNS exhibit. (Click the Exhibit button.) You need to ensure that DC1 and DC2 can replicate immediately. Which two actions should you perform? (Each correct answer presents part of the solution. Choose two.)

A. From DC1, restart the Netlogon service. B. From DC2, run nltest.exe /sync. C. From DC1, run ipconfig /flushdns. D. From DO, run repadmin /syncall. E. From DC2, run ipconfig /registerdns. F. From DC2, restart the Netlogon service.

Answer: DE Explanation: The DC2 name/alias is not available in DNS. First we register the DC2 name from DC with the ipcpnfig /registerdns. (E) Then we synchronizes a specified domain controller DC1 (DC2 would also work) with all of its replication partners with repadmin /syncall. (D)

QUESTION 216 Your network contains an Active Directory domain named contoso.com. The domain contains two member servers named Server1 and Server2. All servers run Windows Server 2012 R2. Server1 and Server2 have the Failover Clustering feature installed. The servers are configured as nodes in a failover cluster named Cluster1. Cluster1 contains a Clustered Shared Volume (CSV). A developer creates an Application named App1. App1 is NOT a cluster-aware Application. App1 stores data in the file system. You need to ensure that App1 runs in Cluster1. The solution must minimize development effort. Which cmdlet should you run?

Answer: C Explanation: * Add-ClusterGenericApplicationRole Configure high availability for an application that was not originally designed to run in a failover cluster. * If you run an application as a Generic Application, the cluster software will start the application, then periodically query the operating system to see whether the application appears to be running. If so, it is presumed to be online, and will not be restarted or failed over.

QUESTION 217 You have a server named Server1 that runs Windows Server 2012 R2. You start Server1 by using Windows PE. You need to repair the Boot Configuration Data (BCD) store on Server1. Which tool should you use?

A. Bootim B. Bootsect C. Bootrec D. Bootcfg

Answer: C

QUESTION 218 Your network contains an Active Directory domain named contoso.com. The domain contains two member servers named Server1 and Server2. All servers run Windows Server 2012 R2. Server1 and Server2 have the Failover Clustering feature installed. The servers are configured as nodes in a failover cluster named Cluster1. Cluster1 contains a Clustered Shared Volume (CSV). A developer creates an application named Appl. App1 is NOT a cluster-aware application. App1 stores data in the file system. You need to ensure that App1 runs in Cluster1. The solution must minimize development effort. Which cmdlet should you run?

Answer: D Explanation: * Add-ClusterGenericApplicationRole Configure high availability for an application that was not orig inally designed to run in a failover cluster. * If you run an application as a Generic Application, the cluster software will start the application, then periodically query the operating system to see whether the application appears to be running. If so, it is presumed to be online, and will not be restarted or failed over.

QUESTION 219 Hotspot Question Your network contains three Application servers that run Windows Server 2012 R2. The Application servers have the Network Load Balancing (NLB) feature installed. You create an NLB cluster that contains the three servers. You plan to deploy an Application named App1 to the nodes in the cluster. App1 uses TCP port 8080 and TCP port 8081. Clients will connect to App1 by using HTTP and HTTPS. When clients connect to App1 by using HTTPS, session state information will be retained locally by the cluster node that responds to the client request. You need to configure a port rule for App1. Which port rule should you use? To answer, select the appropriate rule in the answer area. Answer:

QUESTION 220 Hotspot Question Your network contains an Active Directory domain named contoso.com. The domain contains two servers named Server1 and Server2 that run Windows Server 2012 R2. The servers have the Hyper- V server role installed. A certification authority (CA) is available on the network. A virtual machine named vml.contoso.com is replicated from Server1 to Server2. A virtual machine named vm2.contoso.com is replicated from Server2 to Server1. You need to configure Hyper-V to encrypt the replication of the virtual machines. Which common name should you use for the certificates on each server? To answer, configure the appropriate common name for the certificate on each server in the answer area.

QUESTION 201 You have a server named Server1 that runs Windows Server 2012 R2. When you install a custom Application on Server1 and restart the server, you receive the following error message: “The Boot Configuration Data file is missing some required information.

File: \Boot\BCD Error code: 0x0000034.” You start Server1 by using Windows PE. You need to ensure that you can start Windows Server 2012 R2 on Server1. Which tool should you use?

QUESTION 202 Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1 that runs Windows Server 2012 R2. Server1 has the Active Directory Rights Management Services server role installed. Your company works with a partner organization that does not have its own Active Directory Rights Management Services (AD RMS) implementation. You need to create a trust policy for the partner organization. The solution must meet the following requirements: Grant users in the partner organization access to protected content. Provide users in the partner organization with the ability to create protected content. Which type of trust policy should you create?

QUESTION 203 Hotspot Question Your network contains an Active Directory domain named contoso.com. All servers run Windows Server 2012 R2. The domain contains two domain controllers. The domain controllers are configured as shown in the following table. On DC1, you create an Active Directory-integrated zone named Zone1. You verify that Zone1 replicates to DC2. You use DNSSEC to sign Zone1. You discover that the updates to Zone1 fail to replicate to DC2. You need to ensure that Zone1 replicates to DC2. What should you configure on DC1? To answer, select the appropriate tab in the answer area. Answer:

QUESTION 204 Hotspot Question Your network contains two Hyper-V hosts that are configured as shown in the following table. You create a virtual machine on Server1 named VM1. You plan to export VM1 from Server1 and import VM1 to Server2. You need to ensure that you can start the imported copy of VM1 from snapshots. What should you configure on VM1? To answer, select the appropriate node in the answer area. Answer:

Note: * If the CPUs are from the same manufacturer but not from the same type, you may need to use Processor Compatibility. *(incorrect) The network adapter is already disconnected.

QUESTION 205 Your network contains an Active Directory domain named contoso.com. All domain controllers run Windows Server 2012 R2. The domain contains two domain controllers. The domain controllers are configured as shown in the following table. You configure a user named User1 as a delegated administrator of DC10. You need to ensure that User1 can log on to DC10 if the network link between the Main site and the Branch site fails. What should you do?

A. On DC10, run ntdsutil and configure the settings in the Roles context. B. On DC10, run ntdsutil and configure the settings in the Local Roles context. C. Modify the properties of the DCIO computer account. D. Run repadmin and specify /replsingleobject parameter.

Answer: B Explanation: Modify the following policy: Computer Configuration\Windows Settings\Security Settings\Local Policies\User Rights Assignment\Allow log on locally Note: * User Rights Assignment policies determines which users or groups have logon rights or privileges on the computer. * Delegated administrator accounts gain local administrative permissions to the RODC. These users can operate with privileges equivalent to the local computer’s Administrators group. They are not members of the Domain Admins or the domain built-in Administrators groups. This option is useful for delegating branch office administration without giving out domain administrative permissions. Configuring delegation of administration is not required.

QUESTION 206 You have a server named Server1 that runs Windows Server 2012 R2. You install the File and Storage Services server role on Server1. From Windows Explorer, you view the properties of a folder named Folder1 and you discover that the Classification tab is missing. You need to ensure that you can assign classifications to Folder1 from Windows Explorer manually. What should you do?

QUESTION 207 Your network contains an Active Directory forest named contoso.com. The forest contains a single domain. The forest contains three Active Directory sites named SiteA, SiteB, and SiteC. The sites contain four domain controllers. The domain controllers are configured as shown in the following table. An IP site link exits between each site. You discover that the users in SiteC are authenticated by the domain controllers in SiteA and SiteB. You need to ensure that the SiteC users are authenticated by the domain controllers in SiteB, unless all of the domain controllers in SiteB are unavailable. What should you do?

A. Create an SMTP site link between SiteB and SiteC. B. Create additional connection objects for DC3 and DC4. C. Decrease the cost of the site link between SiteB and SiteC. D. Create additional connection objects for DC1 and DC2.

Answer: C Explanation: By decreasing the site link cost between SiteB and SiteC the SiteC users would be authenticated by SiteB rather than by SiteA.

QUESTION 208 Your network contains two servers named Server1 and Server2 that run Windows Server 2012 R2. Server1 and Server2 have the Hyper-V server role installed. Server1 and Server2 are configured as Hyper-V replicas of each other. Server2 hosts a virtual machine named VM5. VM5 is replicated to Server1. You need to verify whether the replica of VM5 on Server1 is functional. The solution must ensure that VM5 remains accessible to clients. What should you do from Hyper-V Manager?

A. On a server in Cluster2, click Migrate Roles. B. On a server in Cluster2, configure Cluster-Aware Updating. C. On a server in Cluster1, click Move Core Cluster Resources, and then click Select Node. D. On a server in Cluster1, configure Cluster-Aware Updating.

Answer: B Explanation: Note: * Cluster-Aware Updating (CAU) is an automated feature that allows you to update clustered servers with little or no loss in availability during the update process. During an Updating Run, CAU transparently performs the following tasks: Puts each node of the cluster into node maintenance mode Moves the clustered roles off the node Installs the updates and any dependent updates Performs a restart if necessary Brings the node out of maintenance mode Restores the clustered roles on the node Moves to update the next node For many clustered roles (formerly called clustered applications and services) in the cluster, the automatic update process triggers a planned failover, and it can cause a transient service interruption for connected clients. However, in the case of continuously available workloads in Windows Server 2012 R2, such as Hyper-V with live migration or file server with SMB Transparent Failover, CAU can coordinate cluster updates with no impact to the service availability.

QUESTION 209 Your network contains an Active Directory domain named contoso.com. The domain contains two member servers named Server1 and Server2. All servers run Windows Server 2012 R2. Server1 and Server2 have the Failover Clustering feature installed. The servers are configured as nodes in a failover cluster named Cluster1. Cluster1 has access to four physical disks. The disks are configured as shown in the following table. You need to ensure that all of the disks can be added to a Cluster Shared Volume (CSV). Which two actions should you perform? (Each correct answer presents part of the solution. Choose two.)

Answer: BC Explanation: You cannot use a disk for a CSV that is formatted with FAT, FAT32, or Resilient File System (ReFS).

QUESTION 210 Your network contains an Active Directory forest named contoso.com. The contoso.com domain only contains domain controllers that run Windows Server 2012 R2. The forest contains a child domain named child.contoso.com. The child.contoso.com domain only contains domain controllers that run Windows Server 2008 R2. The child.contoso.com domain contains a member server named Server1 that runs Windows Server 2012 R2. You have access to four administrative user accounts in the forest. The administrative user accounts are configured as shown in the following table. You need to ensure that you can add a domain controller that runs Windows Server 2012 R2 to the child.contoso.com domain. Which account should you use to run adprep.exe?

QUESTION 91 Your network contains an Active Directory forest named contoso.com. The forest is managed by using Microsoft System Center 2012. Web developers must be able to use a self-service portal to request the deployment of virtual machines based on predefined templates. The requests must be approved by an administrator before the virtual machines are deployed. You need to recommend a solution to deploy the virtual machines. What should you include in the recommendation? More than one answer choice may achieve the goal. Select the BEST answer.

A. A Virtual Machine Manager (VMM) service template, a Service Manager service offering, and an Orchestrator runbook B. A Virtual Machine Manager (VMM) service template, an Operations Manager dashboard, and an Orchestrator runbook C. A Service Manager service offering, an Orchestrator runbook, and Configuration Manager packages D. A Service Manager service offering, an Orchestrator runbook, and an Operations Manager dashboard

Answer: A

QUESTION 92 You have a server named Server1 that runs Windows Server 2012. Server1 has the DNS Server server role installed. You need to recommend changes to the DNS infrastructure to protect the cache from cache poisoning attacks. What should you configure on Server1?

QUESTION 93 Your network contains a server named Server1 that runs Windows Server 2012. Server1 has the Network Policy Server server rote installed. You configure Server1 as part of a Network Access Protection (NAP) solution that uses the 802.lx enforcement method. You add a new switch to the network and you configure the switch to use 802.lx authentication. You need to ensure that only compliant client computers can access network resources through the new switch. What should you do on Server1?

A. Add the IP address of each new switch to the list of RADIUS clients. B. Add the IP address of each new switch to a connection request policy as an Access Client IPv4 Address. C. Add the IP address of each new switch to a remote RADIUS server group. D. Add the IP address of each new switch to a remediation server group.

Answer: A

QUESTION 94 Your network contains an Active Directory domain named contoso.com. All client computers run either Windows 7 or Windows 8. Some users work from customer locations, hotels, and remote sites. The remote sites often have firewalls that limit connectivity to the Internet. You need to recommend a VPN solution for the users. Which protocol should you include in the recommendation?

A. L2TP/IPSec B. PPTP C. IKEV2 D. SSTP

Answer: D

QUESTION 95 Your network contains an Active Directory domain named contoso.com. Your company has 100 users in the sales department. Each sales user has a domain-joined laptop computer that runs either Windows 7 or Windows 8. The sales users rarely travel to the company’s offices to connect directly to the corporate network. You need to recommend a solution to ensure that you can manage the sales users’ laptop computers when the users are working remotely. What solution should you include in the recommendation?

A. Deploy a Microsoft System Center 2012 Service Manager infrastructure. B. Deploy the Remote Access server role on a server on the internal network. C. Deploy the Network Policy and Access Services server role on a server on the internal network. D. Deploy a Microsoft System Center 2012 Operations Manager infrastructure.

Answer: B

QUESTION 96 Your network contains an Active Directory forest named contoso.com. The forest contains five domains. You need to ensure that the CountryCode attribute is replicated to the global catalog. What should you do?

QUESTION 97 Your network contains an Active Directory domain named contoso.com. All servers run Windows Server 2008 R2. All domain controllers are installed on physical servers. The network contains several Hyper-V hosts. The network contains a Microsoft System Center 2012 infrastructure. You plan to use domain controller cloning to deploy several domain controllers that will run Windows Server 2012. You need to recommend which changes must be made to the network infrastructure before you can use domain controller cloning. What should you recommend?

QUESTION 81 You have a server named Server1 that runs Windows Server 2012. You have a 3-TB database that will be moved to Server1. Server1 has the following physical disks: – Three 2-TB SATA disks that are attached to a single IDE controller – One 1-TB SATA disk that is attached to a single IDE controller You need to recommend a solution to ensure that the database can be moved to Server1. solution must ensure that the database is available if a single disk fails. What should you include in the recommendation?

A. Add each disk to a separate storage pool. Create a mirrored virtual disk. B. Add two disks to a storage pool. Add the other disk to another storage pool. Create a mirrored virtual disk. C. Add all of the disks to a single storage pool, and then create two simple virtual disks. D. Add all of the disks to a single storage pool, and then create a parity virtual disk.

Answer: D

QUESTION 82 Your company has a main office and a branch office. The network contains an Active Directory domain named contoso.com. The domain contains three domain controllers. The domain controllers are configured as shown in the following table. The domain contains two global groups. The groups are configured as shown in the following table. You need to ensure that the RODC is configured to meet the following requirements: – Cache passwords for all of the members of Branch1Users. – Prevent the caching of passwords for the members of Helpdesk. What should you do?

QUESTION 83 Your company has a main office, ten regional datacenters; and 100 branch offices. You are designing the site topology for an Active Directory forest named contoso.com. The forest will contain the following servers: – In each regional datacenter and in the main office, a domain controller that runs Windows Server – In each branch office, a file server that runs Windows Server 2012 You have a shared folder that is accessed by using the path \\contoso.com\shares\software. The folder will be replicated to a local file server in each branch office by using Distributed File System (DFS) replication. You need to recommend an Active Directory site design to meet the following requirements: – Ensure that users in the branch offices will be authenticated by a domain controller in the closest regional datacenter. – Ensure that users automatically connect to the closest file server when they access \\contoso.com\shares\software. How many Active Directory sites should you recommend?

A. 1 B. 10 C. 11 D. 111 Answer: D

Answer:

QUESTION 84 Your network contains an Active Directory forest named contoso.com. Your company merges with another company that has an Active Directory forest named litwareinc.com. Each forest has one domain. You establish a two-way forest trust between the forests. The network contains three servers. The servers are configured as shown in the following table. You confirm that the client computers in each forest can resolve the names of the client computers in both forests. On dc1.litwareinc.com, you create a zone named GlobalNames. You need to recommend changes in both forests to ensure that the users in both forests can resolve single-label names by using the GlobalNames zone in litwareinc.com. Which changes should you recommend? To answer, drag the appropriate configuration to the correct server in the answer area. Each configuration may be used once, more than once, or not at all. Additionally, you may need to drag the split bar between panes or scroll to view content. Answer:

QUESTION 85 Your network contains an Active Directory domain named contoso.com. The domain contains three Active Directory sites. The Active Directory sites are configured as shown in the following table: The sites connect to each other by using the site links shown in the following table: You need to design the Active Directory site topology to meet the following requirements: – Ensure that all replication traffic between Site2 and Site3 replicates through Site1 if a domain controller in Site1 is available. – Ensure that the domain controllers between Site2 and Site3 can replicate if all of the domain controllers in Site1 are unavailable. What should you do?

A. Delete Link3. B. Create one SMTP site link between Site1 and Site3. Create one SMTP site link between Site1 and Site2. C. Create one site link bridge. D. Modify the cost of Link2.

Answer: D

QUESTION 86 Your company has a main office and a branch office. The network contains an Active Directory domain named contoso.com. The domain contains three domain controllers. The domain controllers are configured as shown in the following table. The domain contains two global groups. The groups are configured as shown in the following table. You need to ensure that the RODC is configured to meet the following requirements: – Cache passwords for all of the members of Branch1Users. – Prevent the caching of passwords for the members of Helpdesk. What should you do?

A. Create a Password Settings object (PSO) for the Helpdesk group. B. Install the BranchCache feature on RODC1. C. Modify the membership of the Allowed RODC Password Replication group of RODC1. D. Modify the membership of the Denied RODC Password Replication group of RODC1.

Answer: C

QUESTION 87 Your company has a main office and 20 branch offices. All of the offices connect to each other by using a WAN link. The network contains an Active Directory forest named contoso.com. The forest contains a domain for each office. The forest root domain contains all of the server resources. Each branch office contains two domain controllers for the branch office domain and one domain controller for the contoso.com domain. Each branch office has a support technician who is responsible for managing the accounts of their respective office only. You recently updated all of the WAN links to high-speed WAN links. You need to recommend changes to the Active Directory infrastructure to meet the following requirements: – Reduce the administrative overhead of moving user accounts between the offices. – Ensure that the support technician in each office can manage the user accounts of their respective office. What should you include in the recommendation? More than one answer choice may achieve the goal. Select the BEST answer.

A. Create shortcut trusts between each child domain. In the main office, add a domain controller to each branch office domain. B. Create a new child domain named corp.contoso.com. Create a shortcut trust between each child domain and corp.contoso.com. C. Move all of the user accounts of all the branch offices to the forest root domain. Decommission all of the child domains. D. Create a new forest root domain named contoso.local. Move all of the user accounts of all the branch offices to the new forest root domain. Decommission all of the child domains.

Answer: C

QUESTION 88 Your company, which is named Contoso, Ltd., has a main office and two branch offices. The main office is located in North America. The branch offices are located in Asia and Europe. You plan to design an Active Directory forest and domain infrastructure. You need to recommend an Active Directory design to meet the following requirements: The contact information of all the users in the Europe office must not be visible to the users in the other offices. The administrators in each office must be able to control the user settings and the computer settings of the users in their respective office. The solution must use the least amount of administrative effort. What should you include in the recommendation?

A. One forest that contains three domains B. One forest that contains one domain C. Three forests that each contain one domain D. Two forests that each contain one domain

Answer: A

QUESTION 89 Your network contains an Active Directory forest named contoso.com. You plan to deploy 200 Hyper-V hosts by using Microsoft System Center 2012 Virtual Machine Manager (VMM) Service Pack 1 (SP1). You add a PXE server to the fabric. You need to identify which objects must be added to the VMM library for the planned deployment. What should you identify? (Each correct answer presents part of the solution. Choose all that apply.)

A. A host profile B. A capability profile C. A hardware profile D. A generalized image E. A service template

Answer: AD

QUESTION 90 You plan to deploy multiple servers in a test environment by using Windows Deployment Services (WDS). You need to identify which network services must be available in the test environment to deploy the servers. Which network services should you identify? (Each correct answer presents part of the solution.Choose ail that apply.)

QUESTION 71 Your company has a main office and four branch offices. The main office is located in London. The network contains an Active Directory domain named contoso.com. The network is configured as shown in the exhibit. (Click the Exhibit button.) Each office contains several servers that run Windows Server 2012. In each branch office, you plan to deploy an additional 20 servers that will run Windows Server 2012. Some of the servers will have a Server Core Installation of Windows Server 2012. You identify the following requirements for the deployment of the new servers: – Operating system images must be administered centrally. – The operating system images must be deployed by using PXE. – The WAN traffic caused by the deployment of each operating system must be minimized. You need to recommend a solution for the deployment of the new servers. What should you recommend?

A. Deploy Windows Deployment Services (WDS) in each office. Replicate the images by using Distributed File System (DFS) Replication. B. Deploy Windows Deployment Services (WDS) in each office. Copy the images by using BranchCache. C. Deploy Windows Deployment Services (WDS) in the main office only. Copy the images by using BranchCache. D. Deploy Windows Deployment Services (WDS) in the main office only. Replicate the images by using Distributed File System (DFS) Replication.

Answer: A

QUESTION 72 Your network contains an Active Directory domain named contoso.com. The domain contains a Microsoft System Center 2012 infrastructure. The domain contains two sites named Site1 and Site2. The sites connect to each other by using a 1-Mbps WAN link. The sites contain four servers. The servers are configured as shown in the following table. In Site2, you plan to deploy 50 Hyper-V hosts. You need to recommend a solution to deploy the Hyper-V hosts by using VMM. The solution must minimize the amount of traffic between Site1 and Site2 during deployment. What should you recommend?

A. On Server4, install VMM. From the Virtual Machine Manager console, add Server1 as a PXE server and add Server4 as a library server. B. On Server4/ install VMM. From the Virtual Machine Manager console, add Server1 as a PXE server and a library server. C. On Server4, install WDS. From the Virtual Machine Manager console, add Server4 as a PXE server and a library server. D. On Server4, install WDS. From the Virtual Machine Manager console, add Server4 as a PXE server and add Server1 as a library server.

Answer: C

QUESTION 73 Your network contains an Active Directory forest named contoso.com. You plan to add a new domain named child.contoso.com to the forest. On the DNS servers in child.contoso.com, you plan to create conditional forwarders that point to the DNS servers in contoso.com. You need to ensure that the DNS servers in contoso.com can resolve names for the servers in child. contoso.com. What should you create on the DNS servers in contoso.com?

A. A root hint B. A zone delegation C. A conditional forwarder D. A trust point

Answer: B

QUESTION 74 Your network contains a server named Server1 that runs Windows Server 2012. Server1 has the DHCP Server server role installed. The network contains a Virtual Desktop Infrastructure (VDI). All virtual machines run Windows 8. You identify the following requirements for allocating IPv4 addresses to client computers: – All virtual desktops must have static IP addresses. – All laptop computers must receive dynamic IP addresses. – All virtual desktops must be prevented from obtaining dynamic address. You need to recommend a DHCP solution that meets the requirements for allocating IPv4 addresses. The solution must use the least amount of administrative effort. What should you recommend? More than one answer choice may achieve the goal. Select the BEST answer.

QUESTION 75 Your network contains an Active Directory forest that has two domains named contoso.com and europe. contoso.com. The forest contains five servers. The servers are configured as shown in the following table. You plan to manage the DHCP settings and the DNS settings centrally by using IP Address Management (IPAM). You need to ensure that you can use IPAM to manage the DHCP and DNS settings in both domains. The solution must use the minimum amount of administrative effort. What should you do?

A. Upgrade DCE1 and DCE2 to Windows Server 2012, and then install the IP Address Management (IPAM) Server feature. Run the Invoke-IpamGpoProvisioning cmdlet for each domain. B. Upgrade DCE1 and DCE2 to Windows Server 2012, and then install the IP Address Management (IPAM) Server feature. Run the Set-IpamConfiguration cmdlet for each domain. C. Upgrade DC1 and DC2 to Windows Server 2012, and then install the IP Address Management (IPAM) Server feature. Run the Set-IpamConfiguration cmdlet for each domain. D. Upgrade DC1 and DC2 to Windows Server 2012, and then install the IP Address Management (IPAM) Server feature. Run the Invoke-IpamGpoProvisioning cmdlet for each domain.

Answer: A

QUESTION 76 Your company is a hosting provider that provides cloud-based services to multiple customers. Each customer has its own Active Directory forest located in your company’s datacenter. You plan to provide VPN access to each customer. The VPN solution will use RADIUS for authentication services and accounting services. You need to recommend a solution to forward authentication and accounting messages from the perimeter network to the Active Directory forest of each customer. What should you recommend? More than one answer choice may achieve the goal. Select the BEST answer.

A. A RADIUS server for each customer and one RADIUS proxy B. A RADIUS server for each customer and a RADIUS proxy for each customer C. One RADIUS proxy and one Active Directory Lightweight Directory Services (AD LDS) instance for each customer D. One RADIUS proxy for each customer and Active Directory Federation Services (AD FS)

Answer: A

QUESTION 22 Your network contains an Active Directory domain named contoso.com. The domain contains two domain controllers named DC1 and DC2 that run Windows Server 2008 R2. You plan to replace the domain controllers with new servers that run Windows Server 2012. The new servers will be named DC3 and DC4. You need to recommend a strategy to replace DC1 and DC2 with DC3 and DC4. The solution must minimize the amount of disruption to the users. Which three actions should you recommend? To answer, move the appropriate three actions from the list of actions to the answer area and arrange them in the correct order. Answer:

QUESTION 77 Your network contains an Active Directory forest. The forest contains two domains named contoso.com and fabrikam.com. You plan to decommission the fabrikam.com domain. You need to perform the following migration tasks: – Copy user accounts from the fabrikam.com domain to the contoso.com domain. – Move the client computers from fabrikam.com to contoso.com. The solution must ensure that all of the user profiles are associated to the migrated user accounts. Which tool should you use to perform each task? To answer, drag the appropriate tool to the correct migration task in the answer area. Each tool may be used once, more than once, or not at all. Additionally, you may need to drag the split bar between panes or scroll to view content. Answer:

QUESTION 78 Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1 that runs Windows Server 2008 R2. Server1 is a file server. You deploy a new member server named Server2 that runs Windows Server 2012. You plan to migrate file shares from Server1 to Server2. File share and NTFS permissions are assigned only to domain local groups. You need to identify which actions are required to perform the migration. Which five actions should you identify? To answer, move the five appropriate actions from the list of actions to the answer area and arrange them in the correct order. Answer:

QUESTION 79 Your company plans to deploy a remote access solution to meet the following requirements: – Ensure that client computers that are connected to the Internet can be managed remotely without requiring that the user log on. – Ensure that client computers that run Windows Vista or earlier can connect remotely. – Ensure that non-domain-joined computers can connect remotely by using TCP port 443. You need to identify which remote access solutions meet the requirements. Which solutions should you identify? To answer, drag the appropriate solution to the correct requirement in the answer area. Each solution may be used once, more than once, or not at all. Additionally, you may need to drag the split bar between panes or scroll to view content. Answer:

QUESTION 80 Your network contains an Active Directory domain named contoso.com. The domain contains three Active Directory sites. The Active Directory sites are configured as shown in the following table. The sites connect to each other by using the site links shown in the following table. You need to design the Active Directory site topology to meet the following requirements: – Ensure that all replication traffic between Site2 and Site3 replicates through Site1 if a domain controller in Site1 is available. – Ensure that the domain controllers between Site2 and Site3 can replicate if all of the domain controllers in Site1 are unavailable. What should you do?

A. Delete Link2. B. Create one SMTP site link between Site1 and Site3. Create one SMTP site link between Site1 and Site2. C. Create one site link bridge. D. Delete Link1.